Allow FortiClient to join OCVPN

Administrators can configure remote access for FortiClient within an OCVPN hub. This provides a simple configuration that allows a user group to access an overlay network.

To configure remote FortiClient access to an OCVPN hub in the GUI:
  1. On the primary hub, configure the users and user groups required for the FortiClient dialup user authentication and authorization. In this example, there are two user groups (dev_grp and qa_grp).
  2. Go to VPN > Overlay Controller VPN and in the Overlays section, click Create New.
  3. Enter a name and the local subnet (174.16.101.0/24 for dev and 22.202.2.0/24 for qa).
  4. Enable FortiClient Access.
  5. In the Access Rules section, click Create New.
  6. Enter a name, and select the authentication groups and overlays. The authentication groups are used by the IPsec phase 1 interface for authentication, and by firewall policies for authorization. The overlay allows access to the resource.
  7. Click OK.
  8. Create more rules if needed.
  9. Click Apply.

To view the tunnel status and activity in the GUI:
  1. Go to Dashboard > Network.
  2. Click the IPsec widget to expand it to full screen view.

To configure remote FortiClient access to an OCVPN hub in the CLI:
config vpn ocvpn
    set status enable
    set role primary-hub