Umesh
Explorer II
February 26, 2026
Question

Remote IPsec VPN with FortiClient | token twice over email | RADIUS authentication for VPN users

  • February 26, 2026
  • 1 reply
  • 273 views

Hello all,

 

I have configured a remote IPsec VPN to access the internal network, and I am using FortiClient.

For user authentication I am using a RADIUS server, which is configured on Windows Server (NPS).

Also, users are authenticating and getting an IP address from the RADIUS server (without email-based 2FA).

When I use email-based 2FA, the problem I am facing while accessing the VPN is that I am getting the token twice.

Refer to the config:

config user local
    edit test
        set type radius
        set two-factor email
        set email-to abc@gmail.com

At that time I am getting the email token twice.

 

FYI - I am using IKE version 2 (for the FortiGate IPsec tunnel):

config vpn ipsec phase1-interface
    set type dynamic
    set interface "port1"
    set ip-version 4
    set ike-version 2
    set authmethod psk
    set mode-cfg enable
    set eap enable
    set eap-identity send-request
    set authusrgrp (Test Group)
    set assign-ip enable
    set assign-ip-from group ( test)

 

 

Does anyone have any idea why I am getting the token twice over email? I have put in a lot of effort, but the issue remains the same.

Without the 2FA token it works fine, and users are authenticating against the remote RADIUS server properly.

I have followed the article below to configure the RADIUS server.

https://community.fortinet.com/t5/FortiGate/Technical-Tip-Providing-different-admin-access-profiles/ta-p/197685

 

Your response would be greatly appreciated.

 

 

Thank you.

 

 

1 reply

Toshi_Esumi
SuperUser
February 26, 2026

My guess is you defined the user group twice. The admin guide below recommends either phase1 or policy.
https://docs.fortinet.com/document/fortigate/7.6.6/administration-guide/727740/using-single-or-multiple-user-groups-for-user-authentication

And, with multiple remote user groups with single phase1, let them inherit from the policies.

Toshi
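The condition guessed at in the reply above (the same user group set with `authusrgrp` on the phase1 and again under `groups` on a firewall policy for that tunnel) can be checked offline against a config backup. This is an added example, not part of the thread or Fortinet tooling; the tunnel name `remote-vpn`, the policy IDs and the sample config are constructed.

```python
import shlex

# Constructed sample, not the poster's real config; "remote-vpn" and policy IDs are made up.
SAMPLE = '''
config vpn ipsec phase1-interface
    edit "remote-vpn"
        set ike-version 2
        set eap enable
        set authusrgrp "Test-Group"
    next
end
config firewall policy
    edit 10
        set srcintf "remote-vpn"
        set groups "Test-Group"
    next
    edit 11
        set srcintf "remote-vpn"
    next
end
'''

def parse_entries(text):
    """Return {section: {entry: {key: [values]}}} for top-level config tables."""
    tables, section, entry, depth = {}, None, None, 0
    for tok in filter(None, map(shlex.split, text.splitlines())):
        if tok[0] == "config":
            depth += 1
            if depth == 1:  # nested config blocks inside an entry are skipped
                section, entry = " ".join(tok[1:]), None
                tables.setdefault(section, {})
        elif tok[0] == "end":
            depth -= 1
        elif depth == 1 and tok[0] == "edit":
            entry = tables[section].setdefault(tok[1], {})
        elif depth == 1 and tok[0] == "set" and entry is not None:
            entry[tok[1]] = tok[2:]
    return tables

def groups_set_twice(text):
    """List (tunnel, policy_id, group) where a phase1 authusrgrp is repeated on a policy."""
    t = parse_entries(text)
    hits = []
    for tunnel, p1 in t.get("vpn ipsec phase1-interface", {}).items():
        for pid, pol in t.get("firewall policy", {}).items():
            if tunnel in pol.get("srcintf", []):
                both = set(p1.get("authusrgrp", [])) & set(pol.get("groups", []))
                hits += [(tunnel, pid, g) for g in sorted(both)]
    return hits
```

On the constructed sample, `groups_set_twice(SAMPLE)` reports policy 10 only; an empty list means the group is referenced in just one of the two places.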

Umesh
Author
Explorer II
February 27, 2026

Dear Toshi,

 

Thank you for your suggestion.

I have defined authentication with the user group in IPsec IKEv2:

set authusrgrp "Test-Group"

Below is the config for your info:

set eap enable
set eap-identity send-request

 

Please note that I am using RADIUS authentication with the NPS server. If user test with without 2F authentication with email based at that time, getting token twice.

 

Thank you for the next suggestion.

 

 

Toshi_Esumi
SuperUser
February 27, 2026

So, are you saying you don't have "Test-Group" configured in any policies, and only phase1 has it in the config?

Toshi