I use IPSEC for VPN on my FGT. I’m looking to buy a new travel router which can connect right to my FGT, but having no luck. It seems most travel routers support OpenVPN, Tailscale, or something else.
Has anyone here had success finding a good travel router to connect to their FGT VPN?
You can use a FortiAP to make the connection and provide WiFi simultaneously.
Anything from MikroTik should work, for example hap ax2.
You just need one that supports ipsec. There are some from gLI or something like that. I haven’t used one but I remember reading some threads on Reddit about this before.
Fortiextender will do the job with some limitations.
FortiExtender would be a good idea for this.
Are you taking about your own fortigate at home? If you want to connect via ipsec vpn why not just connect using your laptop (Mac or Windows) to your fortigate? And then access whatever resources you need to access inside your home network.
Fortigate have now released a new small Fortigate-30G. But you can also use Teltonika if you only need IPsec.
Why not just buy a 2nd FortiGate that’s preconfigured with an IPsec tunnel back to your other FortiGate? Something like a 40F would be relatively inexpensive if it’s used frequently (i.e., if you travel a lot).
Mikrotiks hEX or mAP devices are cool. Very powerful yet complicated software but they some models come with poe out, sometimes even poe in, sfp ports and sometimes even a small wifi access point in a really small formfactor
Sierra, Cradlepoint, FWF40, etc.
Hi, look for a travel router like GL.iNet that you can reflash with OpenWRT… or if they come with OpenWRT…
then just install the packages…
for ex: GL.iNet GL-MT300N V2
how to re-flash https://openwrt.org/toh/gl.inet/gl-mt300n_v2
how to install ipsec
https://openwrt.org/docs/guide-user/services/vpn/strongswan/basics
This does require that you dig around a bit to get it to work…
another option would be to buy a raspberry pi and install PiVPN on it and put it behind your fortigate on a DMZ.
and the just use the wireguard client on your laptops and phones…
What are you connecting to the router that you couldn’t just use FortiClient for?
This one I use, I make a PPTP connection to my fortigate, or it can also do a L2TP.
Fortinet makes RAPs. We use U23FJs and it sounds like thats exactly what you need.
Fortiextender that connects to FG using IPsec or this : Overview | FortiGate / FortiOS 7.6.0 | Fortinet Document Library
I’m using Unifi Express for this. It’s CAD$179 here, so not too expensive and it does exactly what I want it. It provides LAN connectivity where you can plug in a dumb switch if you need more than one wired devices to connect, and on top of that it also has a built-in AP that provides wireless access for my other devices (phone, iPad, etc.). I even tested mobile tethering over ethernet dongle on my Android phone and it works without issues. Nice thing here is that, since you can’t bridge other wireless networks on this device, you can bypass that by connecting your phone to, let’s say, hotel network, and then use your phone’s tethering capabilities to connect Unifi Express and devices behind it to the Internet, including access to remote side of the VPN via IPSec.
Sidenote - I actually had to purchase an Android phone to do this the way I want to because my iPhone of course doesn’t allow USB Ethernet tethering, and when it also is unable (at least I think it is) to tether WiFi connection at the same time you’re connected to its hotspot.
You can check out the new FG30G
IPsec client. Dial up vpn
I was looking at GLI, but they dont seem to support it natively. There is some alleged hack ways, but nothing official