In this recipe, you use the cloud-assisted OCVPN solution to greatly simplify the provisioning and configuration of IPsec VPN.
Note the following limitations:
- The FortiGate must be registered with a valid FortiCare Support license. You can verify the status of your FortiCare Support contract under System > FortiGuard.
- Only full-mesh VPN configurations using PSK cryptography are supported.
- Public IPs must be used (FortiGates behind NAT cannot participate).
- Non-root VDOMs and FortiGate VMs are not supported.
- Up to 16 nodes can be added to the OCVPN cloud, each with a maximum of 16 subnets.
- OCVPN with SD-WAN is not currently supported.
You can repeat the "Enabling OCVPN" section to add up to 16 nodes to the OCVPN cloud (barring the above limitations), but you will configure only two nodes in this example.