Help
FortiGate
FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
johnathan
Staff
Staff

Created on ‎11-11-2024 05:16 AM Edited on ‎02-11-2025 10:28 PM By Community Manager

Article Id 356528

Technical Tip: How to use 2FA with the native Windows VPN client

Description This article describes how to use a FortiToken with the native Windows VPN client.
Scope FortiOS.
Solution

It is possible to use a FortiToken with L2TP by appending the token onto the password. Here a local user is configured with a FortiToken, they are inside of a group specified in the L2TP config.

 

ftk1.PNG

l2tp.PNG

When trying to sign in with no token, it is possible to see the tunnel does not come up.

 

l2tp_nopass.PNG

 

deny.PNG

 

When the token is appended to the password, the connection is successful.

 

token.PNG
connected.PNG

The FNBAMD debug taken while authenticating also confirms this. A non-zero return code indicates a failure.

The red attempt is done with no token, and the green attempt is done with the token.

 

fnbamd debug.PNG

This same behavior can be replicated too in native IPsec Dial-up VPN to iOS devices running the 18.2 version.
818
0 Kudos
Suggest New Article
Article Feedback
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2025 Fortinet, Inc. All Rights Reserved.