Pritunl link with fortigate 60F

We are trying to set up a site-to-site link between a vpn server running on pritunl and our office network.

A link has been configured on pritunl-server webUI with two locations:

  • VM with pritunl-link on Azure cloud:
    • We have added the pritunl-link1 host to pritunl-link with pritunl-link add pritunl://token:secret@test.pritunl.com.
    • This made the link “Active” on the webUI.
  • office router (fortigate 60F):
    • We got the configuration from the webUI and configured a VPN connection on the router.
    • The connection reports green on the router’s interface.


Looking at the pritunl-link journalctl we can see that:

The firewall on Azure and on the Fortigate router has been configured to allow all traffic.

But the connection doesn’t work.
I don’t see any other option on the Fortigate router that has anything to do with port 9790.
Before, we had a working link with an Edge Router, which worked fine.

Can you please advise on what might be the problem?

That is just a warning from the host checking. It can be removed by running sudo pritunl-link host-check-off and checking that host checking is disabled in the link settings. The host checking sends requests between pritunl-link hosts on port 9790; it would only work if pritunl-link is running on the other host. Running sudo ipsec statusall will show relevant information on the status of the ipsec connection.

The link is connected so it is likely an issue with a firewall or routing table. The instance source/dest checking needs to be disabled and /var/lib/pritunl-link/routes should match the routing table on that network with the pritunl-link as the next hop.
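Added example, not part of the original posts and not Pritunl's own tooling: a shell helper that reads `ipsec statusall` output and separates "tunnel is down" from "tunnel is up but this subnet is outside its selectors" from "tunnel is fine, look at firewall and routes", which is the triage the reply above walks through. It assumes the strongSwan `statusall` layout; the sample output, the connection name `office-link`, the addresses and the function names are constructed for illustration.

```shell
#!/usr/bin/env bash
# Input: text of `sudo ipsec statusall` (assumed strongSwan layout).
# Constructed sample; connection name, addresses and SPIs are made up.
SAMPLE_STATUS='Connections:
  office-link:  10.20.0.4...203.0.113.10  IKEv2
  office-link:   child:  10.20.0.0/16 === 192.168.10.0/24 TUNNEL
Security Associations (1 up, 0 connecting):
  office-link[1]: ESTABLISHED 12 minutes ago, 10.20.0.4[10.20.0.4]...203.0.113.10[203.0.113.10]
  office-link{1}:  INSTALLED, TUNNEL, reqid 1, ESP in UDP SPIs: c1a2b3c4_i c5d6e7f8_o
  office-link{1}:   10.20.0.0/16 === 192.168.10.0/24'

# Prints "up" when an IKE SA is ESTABLISHED and a child SA is INSTALLED.
tunnel_state() {
  awk '/\[[0-9]+\]: ESTABLISHED/ { ike = 1 }
       /[{][0-9]+[}]: +INSTALLED/  { child = 1 }
       END { if (ike && child) print "up"; else print "down" }'
}

# Exit 0 when an installed child SA has a remote selector containing CIDR $1.
remote_covers() {
  awk -v want="$1" '
    function ip2n(ip,  a) { split(ip, a, "."); return ((a[1]*256 + a[2])*256 + a[3])*256 + a[4] }
    function contains(outer, inner,  o, i, div) {
      split(outer, o, "/"); split(inner, i, "/")
      if (o[2] + 0 > i[2] + 0) return 0          # outer prefix must be shorter or equal
      div = 2 ^ (32 - o[2])
      return int(ip2n(o[1]) / div) == int(ip2n(i[1]) / div)
    }
    # Only child SA lines ("name{N}:"), not the Connections section.
    $1 ~ /[{][0-9]+[}]:$/ && / === / {
      remote = 0
      for (f = 2; f <= NF; f++) {
        if ($f == "===") { remote = 1; continue }
        if (remote && $f ~ /^[0-9.]+\/[0-9]+$/ && contains($f, want)) found = 1
      }
    }
    END { exit !found }'
}

# Maps the two checks onto the next place to look for subnet $1.
diagnose() {
  _st=$(cat)
  if [ "$(printf '%s\n' "$_st" | tunnel_state)" != up ]; then echo "ipsec-down"
  elif ! printf '%s\n' "$_st" | remote_covers "$1"; then echo "subnet-not-in-tunnel"
  else echo "tunnel-ok-check-firewall-and-routes"; fi
}

printf '%s\n' "$SAMPLE_STATUS" | diagnose 192.168.10.0/24
```

On a pritunl-link host the same check is `sudo ipsec statusall | diagnose <office-subnet>`.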

Thanks Zach, the issue turned out to be the firewall on the Fortigate router. It was not forwarding the traffic from the s2s interface to the vlans we wanted to access.