IPsec to Fortigate

Hi, I’m trying to configure IPsec to Fortigate based on a strongSwan ipsec.conf file, without luck.

The log shows

 Received a valid R-U-THERE, ACK sent

and then loops the same data

The ipsec.conf file contains

    conn work
        type=tunnel
        authby=secret
        ikelifetime=1440m
        keylife=60m
        aggressive=no
        ike=3des-sha1-modp1024!      #Phase1 parameters
        esp=3des-sha1!               #Phase2 parameters
        xauth=client                 #Xauth client mode
        left=                        #local IP used to connect to IOS
        leftid=                      #IKEID (group name) used for IOS
        leftsourceip=%config         #apply received IP
        leftauth=psk
        leftauth2=xauth
        rightauth=psk
        rightauth2=xauth             #use PSK for group RA and Xauth for user cisco
        right=xxx.xxx.xxx.xxx        #gateway (IOS) IP
        rightsubnet=172.16.0.0/16
        xauth_identity=user          #identity for Xauth, password in ipsec.secrets
        auto=add

my config:

Is there anything I should know?

I’m really new to this and I don’t even know where to start the debug, so any help will be really appreciated.

For a person who is new to IPsec or even new to VPNs, it’s near impossible to get it right in the first several tries. I jumped into a similar thing when I was asked to connect a Mikrotik router to a strongSwan VPN server, and it was a nightmare.

I have no experience with Fortigate, but since you are doing the steps based on a strongSwan config file, guides like this help a lot.

Anyway, enable debugging in strongswan: https://wiki.strongswan.org/projects/strongswan/wiki/Loggerconfiguration#Configuration-in-ipsecconf

In Mikrotik enable debugging as well:

/system logging add topics=ipsec action=memory

And then just step by step alter the configurations while closely monitoring logs to see what is failing.

Good luck!