Fortinet no longer supports SSL VPN in FortiOS 7.6. I decided to configure IPsec VPN with IKEv2.

IPSec VPN

Match FortiClient to FortiOS.

For new deployments, use IKEv2 for better efficiency. 

Use a minimum DH group of 14 for stronger security. 

Prefer DH groups 19 or 31 for even better security, provided the peer is compatible. 

Use Elliptic Curve Diffie-Hellman (ECDH) groups if both devices support them for better performance and security. 

The table only includes the recommended DH groups; it omits DH groups that are not recommended. Any DH group below 15 is not recommended due to its low security level. The Brainpool curves (RFC 6954) perform poorly compared to DH groups 19, 21, 31, and 32, so they are also omitted. Recommended DH groups are listed for both 128- and 256-bit symmetric key lengths in prioritized order.

Recommended ECDH groups

  • Group 19: 256-bit elliptic curve, 128 bits of security.

  • Group 20: 384-bit elliptic curve, 192 bits of security.

  • Group 21: 521-bit elliptic curve.

  • Group 31: Curve25519, a modern and efficient option. 


| DH Group | Computation | Asymmetric key length | Symmetric equivalence | Recommended for Phase2 encryption |
|----------|-------------|-----------------------|-----------------------|-----------------------------------|
| 31       | EC          | 256-bit               | 128-bit               | AES-128-GCM/CBC                   |
| 19       | EC          | 256-bit               | 128-bit               | AES-128-GCM/CBC                   |
| 15       | MODP        | 3072-bit              | 128-bit               | AES-128-GCM/CBC                   |
| 21       | EC          | 521-bit               | 256-bit               | AES-256-GCM/CBC                   |
| 32       | EC          | 448-bit               | 224-bit               | AES-256-GCM/CBC                   |

AES256-GCM is a powerful encryption standard that combines the AES-256 cipher with the Galois/Counter Mode (GCM) to provide both data confidentiality and integrity. It uses a 256-bit key and a nonce to encrypt data, and then generates an authentication tag to ensure that the data hasn’t been tampered with during transmission or storage. This makes AES256-GCM a highly secure and efficient algorithm for protecting sensitive information.

Make sure the IPv4 client address range in the VPN tunnel matches the Source address in the firewall policy; if the policy source does not cover the pool handed out to clients, their traffic is dropped.
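As an added example (not configuration from the original page), the FortiOS 7.x CLI below puts the recommendations above together: IKEv2, DH groups 31 and 19 for both phase 1 and PFS in phase 2, AES-GCM proposals, and a firewall policy whose source address object covers exactly the client pool assigned by the tunnel. The tunnel name, interface names (wan1, port2), the 10.10.10.0/24 client pool, the "vpn-users" group and the pre-shared key placeholder are assumptions.

```fortios
# Added example, not the page's own config: IKEv2 dial-up for FortiClient on FortiOS 7.x.
# Interface names, tunnel name, the 10.10.10.0/24 pool and the "vpn-users" group are assumptions.
config vpn ipsec phase1-interface
    edit "ike2-dialup"
        set type dynamic
        set interface "wan1"
        set ike-version 2
        set peertype any
        set mode-cfg enable
        set proposal aes256gcm-prfsha384 aes128gcm-prfsha256
        set dhgrp 31 19
        set eap enable
        set eap-identity send-request
        set ipv4-start-ip 10.10.10.1
        set ipv4-end-ip 10.10.10.254
        set ipv4-netmask 255.255.255.0
        set psksecret <PRESHARED-KEY-PLACEHOLDER>
    next
end
config vpn ipsec phase2-interface
    edit "ike2-dialup"
        set phase1name "ike2-dialup"
        set proposal aes256gcm aes128gcm
        set pfs enable
        set dhgrp 31 19
    next
end
# The policy source must cover the same range as the tunnel's client pool (ipv4-start-ip to ipv4-end-ip).
config firewall address
    edit "ike2-client-range"
        set type iprange
        set start-ip 10.10.10.1
        set end-ip 10.10.10.254
    next
end
config firewall policy
    edit 0
        set name "ike2-dialup-to-lan"
        set srcintf "ike2-dialup"
        set dstintf "port2"
        set srcaddr "ike2-client-range"
        set dstaddr "all"
        set action accept
        set schedule "always"
        set service "ALL"
        set groups "vpn-users"
    next
end
```

Only AEAD proposals (GCM) are listed, so no separate integrity algorithm is configured; the PRF is bound to the phase 1 proposal name.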