config vpn ocvpn
Configure Overlay Controller VPN settings.
    config vpn ocvpn
        Description: Configure Overlay Controller VPN settings.
        set status [enable|disable]
        set role [spoke|primary-hub|...]
        set multipath [enable|disable]
        set sdwan [enable|disable]
        set wan-interface <name1>, <name2>, ...
        set ip-allocation-block {ipv4-classnet-any}
        config overlays
            Description: Network overlays to register with Overlay Controller VPN service.
            edit <overlay-name>
                set inter-overlay [allow|deny]
                set assign-ip [enable|disable]
                set ipv4-start-ip {ipv4-address}
                set ipv4-end-ip {ipv4-address}
                config subnets
                    Description: Internal subnets to register with OCVPN service.
                    edit <id>
                        set type [subnet|interface]
                        set subnet {ipv4-classnet-any}
                        set interface {string}
                    next
                end
            next
        end
        config forticlient-access
            Description: Configure FortiClient settings.
            set status [enable|disable]
            set psksecret {password-3}
            config auth-groups
                Description: FortiClient user authentication groups.
                edit <name>
                    set auth-group {string}
                    set overlays <overlay-name1>, <overlay-name2>, ...
                next
            end
        end
        set auto-discovery [enable|disable]
        set poll-interval {integer}
        set eap [enable|disable]
        set eap-users {string}
        set nat [enable|disable]
    end
config vpn ocvpn
Parameter | Description | Type | Size | Default
---|---|---|---|---
status | Enable/disable Overlay Controller cloud assisted VPN. | option | - | disable
role | Set device role. | option | - | spoke
multipath | Enable/disable multipath redundancy. | option | - | enable
sdwan | Enable/disable adding OCVPN tunnels to SDWAN. | option | - | disable
wan-interface | FortiGate WAN interfaces to use with OCVPN. Interface name. | string | Maximum length: 79 |
ip-allocation-block | Class B subnet reserved for private IP address assignment. | ipv4-classnet-any | Not Specified | 10.254.0.0 255.255.0.0
auto-discovery | Enable/disable auto-discovery shortcuts. | option | - | enable
poll-interval | Overlay Controller VPN polling interval. | integer | Minimum value: 30 Maximum value: 120 | 30
eap | Enable/disable EAP client authentication. | option | - | disable
eap-users | EAP authentication user group. | string | Maximum length: 35 |
nat | Enable/disable inter-overlay source NAT. | option | - | disable
config overlays
Parameter | Description | Type | Size | Default
---|---|---|---|---
inter-overlay | Allow or deny traffic from other overlays. | option | - | deny
assign-ip | Enable/disable mode-cfg address assignment. | option | - | disable
ipv4-start-ip | Start of IPv4 range. | ipv4-address | Not Specified | 0.0.0.0
ipv4-end-ip | End of IPv4 range. | ipv4-address | Not Specified | 0.0.0.0
config subnets
Parameter | Description | Type | Size | Default
---|---|---|---|---
type | Subnet type. | option | - | subnet
subnet | IPv4 address and subnet mask. | ipv4-classnet-any | Not Specified | 0.0.0.0 0.0.0.0
interface | LAN interface. | string | Maximum length: 15 |
config forticlient-access
Parameter | Description | Type | Size | Default
---|---|---|---|---
status | Enable/disable FortiClient to access OCVPN networks. | option | - | disable
psksecret | Pre-shared secret for FortiClient PSK authentication (ASCII string or hexadecimal encoded with a leading 0x). | password-3 | Not Specified |
config auth-groups
Parameter | Description | Type | Size | Default
---|---|---|---|---
auth-group | Authentication user group for FortiClient access. | string | Maximum length: 35 |
overlays | OCVPN overlays to allow access to. Overlay name. | string | Maximum length: 79 |
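
The option values, length limits and poll-interval range in the tables above can be checked mechanically before a configuration is applied. The following Python checker is an added example, not Fortinet code: `check_ocvpn` and the sample configuration are hypothetical, `role` is left unchecked because its option list is abbreviated on this page, and the start/end ordering check is an assumption rather than a documented rule.

```python
import ipaddress
import shlex

ONOFF = {"enable", "disable"}
# (innermost config block, parameter) -> option values listed in this page's tables
OPTIONS = {("overlays", "inter-overlay"): {"allow", "deny"},
           ("overlays", "assign-ip"): ONOFF, ("forticlient-access", "status"): ONOFF,
           ("subnets", "type"): {"subnet", "interface"}}
OPTIONS.update({("ocvpn", p): ONOFF for p in
                ("status", "multipath", "sdwan", "auto-discovery", "eap", "nat")})
# (block, parameter) -> documented maximum length of each value
MAXLEN = {("ocvpn", "wan-interface"): 79, ("ocvpn", "eap-users"): 35,
          ("subnets", "interface"): 15, ("auth-groups", "auth-group"): 35,
          ("auth-groups", "overlays"): 79}

def check_ocvpn(text):
    """Return (line number, message) for each value outside the documented constraints."""
    findings, stack, rng = [], [], {}
    for n, raw in enumerate(text.splitlines(), 1):
        words = [w.rstrip(",") for w in shlex.split(raw)]
        if not words:
            continue
        cmd, args = words[0], words[1:]
        if cmd == "config" and args:
            stack.append(args[-1])            # "config vpn ocvpn" -> "ocvpn"
        elif cmd == "end" and stack:
            stack.pop()
        elif cmd == "edit" and stack[-1:] == ["overlays"]:
            rng = {}                          # new overlay entry, new address range
        elif cmd == "set" and stack and len(args) > 1:
            key, name, vals = (stack[-1], args[0]), args[0], args[1:]
            if key in OPTIONS and vals[0] not in OPTIONS[key]:
                findings.append((n, f"{name}: not one of {sorted(OPTIONS[key])}"))
            if any(len(v) > MAXLEN.get(key, len(v)) for v in vals):
                findings.append((n, f"{name}: longer than {MAXLEN[key]} characters"))
            if name == "poll-interval" and not (vals[0].isdigit() and 30 <= int(vals[0]) <= 120):
                findings.append((n, "poll-interval: outside 30-120"))
            if name in ("ipv4-start-ip", "ipv4-end-ip"):
                rng[name] = ipaddress.IPv4Address(vals[0])
                # Assumption: a start address above the end address is a mistake.
                if len(rng) == 2 and rng["ipv4-start-ip"] > rng["ipv4-end-ip"]:
                    findings.append((n, "ipv4-start-ip is above ipv4-end-ip"))
    return findings

# Constructed sample, not taken from a real device; four values break the limits above.
SAMPLE = "\n".join([
    "config vpn ocvpn", "set status enable", "set poll-interval 10", "set nat enabled",
    "config overlays", 'edit "branch"', "set ipv4-start-ip 10.254.1.200",
    "set ipv4-end-ip 10.254.1.100", "config subnets", "edit 1",
    'set interface "a-very-long-lan-interface-name"', "next", "end", "next", "end", "end"])
```

Calling `check_ocvpn(SAMPLE)` reports the poll interval, the `nat` value, the reversed address range and the over-long interface name, each with its line number.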