Troubleshooting Tip: Dialup IPsec VPN with FortiToken fails to connect
| Description | This article describes how to fix a dial-up IPsec VPN with FortiToken fails to connect. |
| Scope | FortiGate, FortiAuthenticator. |
| Solution |
The user cannot connect to dial-up IPsec VPN with FortiToken and encountered ‘FortiClient Wrong Credentials EAP failed connecting’ error. While successful when connecting without FortiToken. Another error that commonly appear is 'EAPPasswordError':
The setup is a dial-up IPsec VPN IKEv2 using RADIUS authentication, where FortiGate is the RADIUS client while the FortiAuthenticator is the RADIUS server.
Enable ‘Allow OTP for EAP-MSCHAPv2 Authentication with FortiClient’ on the RADIUS Service policy of FortiGate on the FortiAuthenticator to fix these errors.
MSCHAP2 is a prerequisite of this setup.
Related articles: Technical Tip: Authenticating users using MSCHAP2 PEAPTechnical Tip: Joining FortiAuthenticator in the active directory as a machine entity |
