config vpn ocvpn
Configure Overlay Controller VPN settings.
config vpn ocvpn
    Description: Configure Overlay Controller VPN settings.
    set status [enable|disable]
    set role [spoke|primary-hub|...]
    set multipath [enable|disable]
    set sdwan [enable|disable]
    set wan-interface <name1>, <name2>, ...
    set ip-allocation-block {ipv4-classnet-any}
    config overlays
        Description: Network overlays to register with Overlay Controller VPN service.
        edit <overlay-name>
            set inter-overlay [allow|deny]
            set assign-ip [enable|disable]
            set ipv4-start-ip {ipv4-address}
            set ipv4-end-ip {ipv4-address}
            config subnets
                Description: Internal subnets to register with OCVPN service.
                edit <id>
                    set type [subnet|interface]
                    set subnet {ipv4-classnet-any}
                    set interface {string}
                next
            end
        next
    end
    config forticlient-access
        Description: Configure FortiClient settings.
        set status [enable|disable]
        set psksecret {password-3}
        config auth-groups
            Description: FortiClient user authentication groups.
            edit <name>
                set auth-group {string}
                set overlays <overlay-name1>, <overlay-name2>, ...
            next
        end
    end
    set auto-discovery [enable|disable]
    set poll-interval {integer}
    set eap [enable|disable]
    set eap-users {string}
    set nat [enable|disable]
end

config vpn ocvpn

| Parameter name | Description | Type | Size |
|---|---|---|---|
| status | Enable/disable Overlay Controller cloud assisted VPN. | option | - |
| role | Set device role. | option | - |
| multipath | Enable/disable multipath redundancy. | option | - |
| sdwan | Enable/disable adding OCVPN tunnels to SDWAN. | option | - |
| wan-interface `<name>` | FortiGate WAN interfaces to use with OCVPN.<br>Interface name. | string | Maximum length: 79 |
| ip-allocation-block | Class B subnet reserved for private IP address assignment. | ipv4-classnet-any | Not Specified |
| auto-discovery | Enable/disable auto-discovery shortcuts. | option | - |
| poll-interval | Overlay Controller VPN polling interval. | integer | Minimum value: 30 Maximum value: 120 |
| eap | Enable/disable EAP client authentication. | option | - |
| eap-users | EAP authentication user group. | string | Maximum length: 35 |
| nat | Enable/disable inter-overlay source NAT. | option | - |


config overlays

| Parameter name | Description | Type | Size |
|---|---|---|---|
| inter-overlay | Allow or deny traffic from other overlays. | option | - |
| assign-ip | Enable/disable mode-cfg address assignment. | option | - |
| ipv4-start-ip | Start of IPv4 range. | ipv4-address | Not Specified |
| ipv4-end-ip | End of IPv4 range. | ipv4-address | Not Specified |

config subnets

| Parameter name | Description | Type | Size |
|---|---|---|---|
| type | Subnet type. | option | - |
| subnet | IPv4 address and subnet mask. | ipv4-classnet-any | Not Specified |
| interface | LAN interface. | string | Maximum length: 15 |


config forticlient-access

| Parameter name | Description | Type | Size |
|---|---|---|---|
| status | Enable/disable FortiClient to access OCVPN networks. | option | - |
| psksecret | Pre-shared secret for FortiClient PSK authentication (ASCII string or hexadecimal encoded with a leading 0x). | password-3 | Not Specified |

config auth-groups

| Parameter name | Description | Type | Size |
|---|---|---|---|
| auth-group | Authentication user group for FortiClient access. | string | Maximum length: 35 |
| overlays `<overlay-name>` | OCVPN overlays to allow access to.<br>Overlay name. | string | Maximum length: 79 |

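
The limits in the Size column above can be checked against the `config vpn ocvpn` block of a configuration backup before it is pushed to a device. The Python below is an added example, not part of the FortiOS documentation: the function names and the sample block are constructed, and it assumes the backup writes `ip-allocation-block` as an address followed by a dotted mask, reads "Class B" as a 255.255.0.0 mask, and expects `ipv4-start-ip` not to be above `ipv4-end-ip`.

```python
import ipaddress
import shlex

# Limits copied from the Size column of the parameter tables on this page.
MAX_LEN = {"wan-interface": 79, "eap-users": 35, "interface": 15, "auth-group": 35, "overlays": 79}

def parse(text):
    """Turn config/edit/set/next/end lines into nested dicts; set values become lists."""
    stack = [{}]
    for tok in filter(None, map(shlex.split, text.splitlines())):
        if tok[0] in ("config", "edit"):
            stack.append(stack[-1].setdefault(" ".join(tok[1:]), {}))
        elif tok[0] in ("next", "end"):
            stack.pop()
        elif tok[0] == "set":
            stack[-1][tok[1]] = tok[2:]
    return stack[0]

def audit(node, path="", out=None):
    """Collect out-of-limit values. Assumed: Class B = 255.255.0.0 mask, start <= end."""
    out = [] if out is None else out
    for key, val in node.items():
        here = f"{path}/{key}"
        if isinstance(val, dict):
            audit(val, here, out)
        elif key in MAX_LEN and any(len(v) > MAX_LEN[key] for v in val):
            out.append(f"{here}: longer than {MAX_LEN[key]} characters")
        elif key == "poll-interval" and not 30 <= int(val[0]) <= 120:
            out.append(f"{here}: outside 30-120")
        elif key == "ip-allocation-block" and val[1:] != ["255.255.0.0"]:
            out.append(f"{here}: mask is not Class B (255.255.0.0)")
    lo, hi = node.get("ipv4-start-ip"), node.get("ipv4-end-ip")
    if lo and hi and ipaddress.ip_address(lo[0]) > ipaddress.ip_address(hi[0]):
        out.append(f"{path}: ipv4-start-ip is above ipv4-end-ip")
    return out

# Constructed sample with three deliberate errors; not taken from a real device.
SAMPLE = """config vpn ocvpn
    set wan-interface "wan1" "wan2"
    set ip-allocation-block 10.254.0.0 255.255.255.0
    set poll-interval 15
    config overlays
        edit "branch"
            set ipv4-start-ip 10.254.1.200
            set ipv4-end-ip 10.254.1.20
        next
    end
end
"""
```

Calling `audit(parse(SAMPLE))` returns one finding per error, each prefixed with the path of the offending setting; an empty list means every checked value is inside the documented limits.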