Allow FortiClient to join OCVPN
Administrators can configure remote access for FortiClient within an OCVPN hub. This is a simple way to give a user group access to an overlay network.
To configure remote FortiClient access to an OCVPN hub in the GUI:
- On the primary hub, configure the users and user groups required for the FortiClient dialup user authentication and authorization. In this example, there are two user groups (dev_grp and qa_grp).
- Go to VPN > Overlay Controller VPN and in the Overlays section, click Create New.
- Enter a name and the local subnet (174.16.101.0/24 for dev and 22.202.2.0/24 for qa).
- Enable FortiClient Access.
- In the Access Rules section, click Create New.
- Enter a name, and select the authentication groups and overlays. The authentication groups will be used by the IPsec phase 1 interface for authentication, and by firewall policies for authorization. The overlay allows access to the resource.
- Click OK.
- Create more rules if needed.
- Click Apply.
To view the tunnel status and activity in the GUI:
- Go to Dashboard > Network.
- Click the IPsec widget to expand to full screen view.
To configure remote FortiClient access to an OCVPN hub in the CLI:
config vpn ocvpn
    set status enable
    set role primary-hub