Basically I followed
http://cookbook.fortinet.com/ssl-vpn-using-web-and-tunnel-mode-54/
step by step and it came out fine.
However, while writing up the SOP I also updated the client, and that ran into some unexpected errors with the antivirus (I only confirmed this later).
The result was that my own PC could no longer connect to the VPN, and the log said:
"your PC does not meet the host checking requirements set by the firewall. Please check that your OS version or antivirus and firewall applications are installed and running properly or you have the right network interface. "
In short: your PC has a problem~
On the FortiGate side it shows up as host check failed.
=Then came the WTF troubleshooting=
Conclusion: it was the last bit of CLI in the cookbook,
config vpn ssl web portal
edit full-access
set host-check av
end
Take out the set line and everything works again...
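For reference, here is the portal stanza as the cookbook leaves it next to the version with the host check switched off (which is what deleting the line amounts to), followed by the CLI commands to confirm what the portal currently holds and to watch the SSL VPN daemon while a client connects. This is an added example written for this post, not something taken from the cookbook; it assumes FortiOS 5.4 CLI syntax and the portal name `full-access` from the cookbook. The `#` lines are explanatory comments for reading, not meant to be pasted into the CLI.

```fortios
# Portal as configured in the cookbook: the client must prove it has AV running,
# and any hiccup in that check rejects the connection with "host check failed".
config vpn ssl web portal
    edit full-access
        set host-check av
    next
end

# Same portal with the host check disabled. The other accepted values for
# host-check are fw, av-fw and custom; none is the one that drops the check entirely.
config vpn ssl web portal
    edit full-access
        set host-check none
    next
end

# Verify what the portal actually contains after the change.
show vpn ssl web portal full-access

# Trace the SSL VPN daemon while the client connects; the host-check
# verdict for the session shows up in this output.
diagnose debug application sslvpn -1
diagnose debug enable
# ... attempt the connection from the client ...
diagnose debug disable
diagnose debug reset
```

Note that `none` removes the posture check for every user of that portal, so if only some client builds trip the AV check, fixing the client side or using a separate portal for those users keeps the check for everyone else.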
According to the discussion on the vendor's forum, this is an old problem; nobody can pin down exactly what goes wrong when Forti checks the client's AV (anti-virus),
which is why it refuses the VPN. (Sure... you need antivirus to be safe... but this only stops the honest and not the crooks, so I think it's a pointless extra step.)
btw, L2TP still has no solution.... fuck off L2TP