avaz
New Member
November 21, 2016
Question

VPN IPSEC Radius Problem


Hello.

I can't get RADIUS accounting on an IPSEC L2TP VPN shortly after the user is able to log in. Fortigate does not send packets to port 1813.


    Toshi_Esumi
    SuperUser
    November 21, 2016

    You need to give us a little more than just saying "RADIUS doesn't work" for us to even guess the cause. What did you configure for RADIUS?

    avaz
    Author
    New Member
    November 24, 2016

    Hi Toshi,

    In the FG config I have a VPN L2TP/IPSEC server (Windows native clients) with a group authenticated by a RADIUS server.

    In my FG, the authorization works fine, but the accounting packets are not sent to my RADIUS server.

     

    config user radius
        edit "RADIUS2"
            set server "172.16.40.60"
            set secret ENC JdPy+6Y15z2xnFd8v4h7sCpszrwifp9tYmXuOtirfjIjYgp4K7ROqSBiBqUH95SLqXyzgylsX3B3Ntm3gDV+7INW+OUhv7MMmyfOAKyB48QVxRmsUmkE3LP4Dl3ZQblBtBkgImeEZ5QNxiHzNdulQuuoZyvAEqyWHzIKAJLiS8243Ip5KFwqk8vWqOYnbbi23FtPJw==
            set nas-ip 172.16.40.222
            set acct-interim-interval 600
            set secondary-server "172.16.40.61"
            set secondary-secret ENC VA9OZlgriAmCOfdYYw2KcxKNsbxsy9X3XnXbZ6Xex0cbRfiiZ0wD4r9NaDORBMeG6OVkOzdWFifMcxsmNYxQmWkoO9uHsRBQwhJ8EdZvf3+635QW7pzsMMh7X5cdJijcZYAFrRPJ93SSWgjw63XBR0FEHqhPKej6ga62Q+6PZxPnP2IXnvLeXdevuemmf0vgQn3hMw==
            config accounting-server
                edit 1
                    set status enable
                    set server "172.16.40.60"
                    set secret ENC cgqLIQcuc9d58/V5AeTKDEWFAz8Jn/+Iy9WH3uiWVRHSvzpe5FqL9oUBUakb3WrdWVwg4lSfR2OmY/ShoNrqQAtcMMF+XWVb0sRz9ej1BV6l5wyDW2avlSsxKlt94eOme4Ri5PfZYHS3tdUxHC3YTIw10Jge+YROZr3pJPyRQuWyWfwGxVPngRRQDiz13QAHC/A3kA==
                    set source-ip 172.16.40.222
                next
            end
        next
    end

     

    Thanks

     

    Vaz

    Toshi_Esumi
    SuperUser
    November 25, 2016

    Sorry, I thought RADIUS authentication didn't work. I haven't used RADIUS accounting with Fortigate. You need to ask somebody else.

    But based on some doc I found, like below:

    http://kb.fortinet.com/kb/viewAttachment.do?attachID=Fortinet%20Solutions%20RSSO%20-%20RADIUS%20Single%20Sign%20On.pdf&documentID=FD35018

    , FG doesn't seem to act as a regular NAS.
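
A diagnostic for the symptom discussed in this thread, as an added example that is not part of any post above: run on the RADIUS server side, it decodes a datagram received on UDP 1813 and verifies the RFC 2866 Request Authenticator, which separates "nothing arrives" from "requests arrive but fail the shared-secret check". The function names, the secret `example-secret` and the sample packet are assumptions constructed for illustration; only the NAS address 172.16.40.222 comes from the posted config.

```python
import hashlib
import hmac
import socket
import struct

ACCT_REQUEST, NAS_IP_ADDRESS, ACCT_STATUS_TYPE = 4, 4, 40   # RFC 2865/2866 numbers
STATUS = {1: "Start", 2: "Stop", 3: "Interim-Update"}

def parse_attrs(data):
    """Walk the type/length/value list, rejecting lengths that overrun the packet."""
    attrs, i = {}, 0
    while i < len(data):
        if i + 2 > len(data) or data[i + 1] < 2 or i + data[i + 1] > len(data):
            raise ValueError("malformed attribute")
        attrs[data[i]] = data[i + 2:i + data[i + 1]]
        i += data[i + 1]
    return attrs

def check_acct_request(pkt, secret):
    """Decode one datagram received on UDP 1813 and verify its Request Authenticator."""
    if len(pkt) < 20:
        raise ValueError("shorter than the 20-byte RADIUS header")
    code, _, length = struct.unpack("!BBH", pkt[:4])
    if not 20 <= length <= len(pkt):
        raise ValueError("length field does not match datagram")
    pkt = pkt[:length]                       # ignore padding past the stated length
    attrs = parse_attrs(pkt[20:])
    # RFC 2866: MD5(Code + Id + Length + 16 zero octets + attributes + shared secret)
    expected = hashlib.md5(pkt[:4] + bytes(16) + pkt[20:] + secret).digest()
    status, nas = attrs.get(ACCT_STATUS_TYPE, b""), attrs.get(NAS_IP_ADDRESS, b"")
    return {
        "accounting_request": code == ACCT_REQUEST,
        "authenticator_ok": hmac.compare_digest(expected, pkt[4:20]),
        "status": STATUS.get(int.from_bytes(status, "big")) if len(status) == 4 else None,
        "nas_ip": socket.inet_ntoa(nas) if len(nas) == 4 else None,
    }

def build_sample(secret, nas_ip="172.16.40.222"):
    """Constructed Accounting-Request (Start) used as test input; not captured traffic."""
    attrs = bytes([NAS_IP_ADDRESS, 6]) + socket.inet_aton(nas_ip)
    attrs += bytes([ACCT_STATUS_TYPE, 6]) + struct.pack("!I", 1)
    attrs += bytes([44, 15]) + b"constructed-1"     # Acct-Session-Id
    head = struct.pack("!BBH", ACCT_REQUEST, 7, 20 + len(attrs))
    auth = hashlib.md5(head + bytes(16) + attrs + secret).digest()
    return head + auth + attrs

if __name__ == "__main__":
    key = b"example-secret"                         # hypothetical shared secret
    print(check_acct_request(build_sample(key), key))
```

To use it on live traffic, pass each datagram read from a UDP socket bound to port 1813, together with the accounting shared secret, to `check_acct_request`.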