
CLI Reference

config vpn ipsec manualkey-interface

Configure IPsec manual keys.

config vpn ipsec manualkey-interface
    Description: Configure IPsec manual keys.
    edit <name>
        set addr-type [4|6]
        set auth-alg [null|md5|...]
        set auth-key {user}
        set enc-alg [null|des|...]
        set enc-key {user}
        set interface {string}
        set ip-version [4|6]
        set local-gw {ipv4-address-any}
        set local-gw6 {ipv6-address}
        set local-spi {user}
        set npu-offload [enable|disable]
        set remote-gw {ipv4-address}
        set remote-gw6 {ipv6-address}
        set remote-spi {user}
    next
end

| Parameter | Description | Type | Size |
|---|---|---|---|
| addr-type | IP version to use for IP packets. Options: 4 (Use IPv4 addressing for IP packets.), 6 (Use IPv6 addressing for IP packets.) | option | - |
| auth-alg | Authentication algorithm. Must be the same for both ends of the tunnel. Options: null, md5, sha1, sha256, sha384, sha512 | option | - |
| auth-key | Hexadecimal authentication key in 16-digit (8-byte) segments separated by hyphens. | user | Not Specified |
| enc-alg | Encryption algorithm. Must be the same for both ends of the tunnel. Options: null, des, 3des, aes128, aes192, aes256, aria128, aria192, aria256, seed | option | - |
| enc-key | Hexadecimal encryption key in 16-digit (8-byte) segments separated by hyphens. | user | Not Specified |
| interface | Name of the physical, aggregate, or VLAN interface. | string | Maximum length: 15 |
| ip-version | IP version to use for VPN interface. Options: 4 (Use IPv4 addressing for gateways.), 6 (Use IPv6 addressing for gateways.) | option | - |
| local-gw | IPv4 address of the local gateway's external interface. | ipv4-address-any | Not Specified |
| local-gw6 | Local IPv6 address of VPN gateway. | ipv6-address | Not Specified |
| local-spi | Local SPI, a hexadecimal 8-digit (4-byte) tag. Discerns between two traffic streams with different encryption rules. | user | Not Specified |
| name | IPsec tunnel name. | string | Maximum length: 15 |
| npu-offload * | Enable/disable offloading IPsec VPN manual key sessions to NPUs. Options: enable (Enable NPU offloading.), disable (Disable NPU offloading.) | option | - |
| remote-gw | IPv4 address of the remote gateway's external interface. | ipv4-address | Not Specified |
| remote-gw6 | Remote IPv6 address of VPN gateway. | ipv6-address | Not Specified |
| remote-spi | Remote SPI, a hexadecimal 8-digit (4-byte) tag. Discerns between two traffic streams with different encryption rules. | user | Not Specified |

* This parameter may not exist in some models.
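
The following Python script is an added example, not part of the Fortinet reference. It draws the keys and SPIs from a CSPRNG, formats them as the table describes, and emits matching entries for both ends of a tunnel, where one end's local-spi is the other end's remote-spi. The key sizes per algorithm, the tunnel and interface names, and the addresses are assumptions chosen for illustration.

```python
import secrets

# Assumed key sizes in bytes (cipher key size / HMAC digest size), not from the page.
ENC_KEY_BYTES = {"aes128": 16, "aes256": 32}
AUTH_KEY_BYTES = {"sha256": 32, "sha512": 64}

def format_key(raw: bytes) -> str:
    """Render key bytes as 16-hex-digit (8-byte) segments joined by hyphens."""
    if not raw or len(raw) % 8:
        raise ValueError("key length must be a non-zero multiple of 8 bytes")
    digits = raw.hex()
    return "-".join(digits[i:i + 16] for i in range(0, len(digits), 16))

def new_spi() -> str:
    """Random 8-hex-digit (4-byte) SPI; 0x00-0xff are reserved by RFC 4303."""
    return f"{0x100 + secrets.randbelow(2**32 - 0x100):08x}"

def stanza(name: str, settings: dict) -> str:
    """Build one 'edit <name>' entry from option/value pairs."""
    if len(name) > 15 or len(settings["interface"]) > 15:
        raise ValueError("name and interface are limited to 15 characters")
    body = "".join(f"        set {opt} {val}\n" for opt, val in settings.items())
    return (f"config vpn ipsec manualkey-interface\n    edit {name}\n"
            f"{body}    next\nend\n")

def tunnel_pair(name, iface_a, gw_a, iface_b, gw_b,
                enc_alg="aes256", auth_alg="sha256"):
    """Return (config_a, config_b) for the two ends of one IPv4 tunnel."""
    shared = {  # algorithms and keys must be identical on both ends
        "enc-alg": enc_alg,
        "enc-key": format_key(secrets.token_bytes(ENC_KEY_BYTES[enc_alg])),
        "auth-alg": auth_alg,
        "auth-key": format_key(secrets.token_bytes(AUTH_KEY_BYTES[auth_alg])),
    }
    spi_a, spi_b = new_spi(), new_spi()
    while spi_b == spi_a:  # keep the two directions distinguishable
        spi_b = new_spi()
    end_a = {"interface": iface_a, "local-gw": gw_a, "remote-gw": gw_b,
             "local-spi": spi_a, "remote-spi": spi_b, **shared}
    end_b = {"interface": iface_b, "local-gw": gw_b, "remote-gw": gw_a,
             "local-spi": spi_b, "remote-spi": spi_a, **shared}
    return stanza(name, end_a), stanza(name, end_b)

if __name__ == "__main__":
    # Constructed sample values: documentation addresses, hypothetical names.
    for cfg in tunnel_pair("mk-site", "wan1", "192.0.2.1", "port1", "198.51.100.1"):
        print(cfg)
```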
