Gwinn Schools IpsecVPN

UserSetup

  • NOTE! As of 6/2018 vpn users (and override users) are setup in the Gwinn vdom.

How to Setup Windows IPSEC Forticlient

  • Download and install the Forticlient installer available here: FortiClientOnlineInstaller_5.4.0.0780.exe  

  • Once the Forticlient installer is complete you must import the config file which is linked here (You must call REMC1 SupportNet to download the config file): /wiki/spaces/NET/pages/16909809

  • You MUST DELETE THIS CONFIG FILE WHEN DONE. It contains a preshared key. If its leaked the ipsec tunnel will not be secure and will need to be changed.  
  • Once the Forticlient is installed Start it up. You will find it in your start menu->All Programs->Forticlient  

  • Once started go to file->settings click restore button and select the config file you downloaded above then click the OK button until you're back at the Forticlient login screen.  

  • Now to connect Select Maresa from the drop down in the center of the window.  
  • Fill in your user/pass for connecting to the VPN (this user/pass is supplied by Gwinn Support currently).  

  • Click Connect. It will show you as connected shortly and minimize the window.  
  • NOTE: All your internet traffic will now flow over this VPN so disconnect the client immediately when you are done.

How to setup the MacOSX Cisco Vpn Client

  • Under Control-Panel -> Go to Networking then click the plus sign in the bottom left of the window  

  • In the drop down select vpn  
  • Select Cisco VPN as the VPN type.  
  • For the settings the Address is : 207.75.56.4
  • Your fortigate user/pass is currently supplied by Gwinn (Note to staff: It has to be a member of Gwinn-IPSEC group in the Gwinn vdom).
  • Now click the Authentication Settings box. A new window pops up.  
  • The Group Name is: GwinnIpsecClient
  • Secret: The shared secret is known by Gwinn support and obtainable from Gwinn by request.

  • Click the OK button (after entering in the Shared Secret and Group Name.  
  • Now at this window (the main vpn config window) OPTIONAL: Click Show VPN Status in Menu Bar. (This box will then appear on your top menu bar close to the clock and look like a box with five vertical lines as of OSX 10.4 to 10.10).  
  • Click apply (making sure your Account name and Password are typed in).  
  • Now to connect either select the VPN from the drop down box (if you checked the option "Show VPN status in Menu Bar) OR Go to settings->Networking->click on the vpn in the left pane and then in the right pane select connect.   

IOS Instructions 

How to setup the IOS Cisco VPN Client

  • ON the IOS/Iphone device go to Settings->General->VPN  

  • Click "Add VPN Configuration" at the bottom of this screen  
  • Select IPsec at the top  
  • For description type whatever you want (GwinnIPSEC etc..etc..)  
  • Server: 207.75.56.4
  • Account: Supplied by Gwinn.

  • Password: Supplied by Gwinn.
  • Group Name: GwinnIpsecClient
  • Secret: Supplied by Gwinn as described above.

  • IMPORTANT: CLICK SAVE VPN CONFIGURATION at the bottom of this window. Anytime you make changes you MUST CLICK THIS BUTTON or all settings are lost.  
  • Now after clicking save changes you'll be back at the main vpn list.   

How to connect after setting up the IOS Cisco VPN

  • Go to Settings. You'll now see a new VPN option in the list under Personal Hotspot. Select VPN  
  • On this new screen click on the vpn you just created and click the toggle switch at the top right of the screen. Wait till status changes from Connecting to Connected. A VPN icon will appear in the top left of your iphone screen (next to the wireless signal bars) indicating that you are connected.  
  • When you are done DISCONNECT by following the connect instructions above and hit the toggle switch again flipping it to the OFF position. The VPN icon at the top of your screen will disappear. If you have trouble call the Gwinn Helpdesk for help.   

Troubleshooting: The VPN connects but I can't contact the server X over it

  • Cause: as long as the subnets that you are trying to access over the vpn are not part of the LAN you're connecting from they will route over the VPN along with ALL YOUR INTERNET TRAFFIC.  
  • I have run into hotel networks that conflict with the VPN network such as at Shanty Creek where their LAN was 10.20.X and the subnet I was trying to reach over the VPN was 10.20.150.0. This didn't work and I had to tether to my iphone and then connect the vpn over that since the addresses I was accessing over the VPN conflicted/overlapped with the addresses on the Guest Network at the hotel.Â