Has anyone setup a mobile VPN profile that works with Chromebooks? I have one that works with both iOS and Android devices but Chromsbooks dont work with it or any tweaks that I make. I've googled around and can't seem to find anything beyond a suggestion by one person that perhaps XAUTH isn't supported but I can't imagine that to be true. ANy tales or success or failure?
For What It's Worth (which may not be much), I think the Chromebook natively supports L2TP/IPsec VPN connections, which means you'll need:
1. An L2TP configuration on the FortiGate
2. A policy-based VPN
You would define a client IP pool and user group under 'config vpn l2tp'.
The policy-based VPN would take care of the IPsec leg of the connection.
The issue is, an L2TP authentication event is not an XAUTH logon. The two are separate and distinct. Since L2TP takes care of authentication, you would not be able to/are not required to define the user group a second time under the Phase 1 XAUTH settings.
I setup the l2tp portion with no issue. No matter what values I enter in the GUI for creating a policy based IPSec VPN (after enabling it in the features part.. I totally blanked on that), I get "Input Invalid" or something to that effect.
I tried to create a phase 1 non-interface myself instead of useing the "create every time" option whcih seemed to make sense but nothing I created would show up. SOmething I"m doing in the policy is missing here. I'm on 5.2.3 if this is a known bug.
When I do the debug, it never hits the tunnel that I created. It seems to skip past the policy baesd VPN and move right on to the IPSec VPN that was there before for iPhones. This is even after I moved the policy for the VPN above the policies for the other mobile/dialup.
I think from Rain Man memory that the IPsec policy-based tunnel needs to be configured in transport mode, according to the most recent round of documentation on how to create L2TP/IPsec tunnels on the FortiGate.
Could you share the Phase 1 settings for the Chromebook tunnel?
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.