Hello!
I have an environment with VPN connections using Native Android VPN. I've configured the policy and tunnel, and everything is working fine. However, I need to reserve IP addresses for the devices. In the current L2TP configuration, it's only possible to define an IP range, which results in random IP allocation.
I would like to know if it’s possible to point to a DHCP relay, use the firewall's own DHCP, or any other method that allows IP reservation for each device.
Below is the functional VPN configuration:
Firewall OS Version 7.0.14
```
config vpn ipsec phase1-interface
    edit "VPN_XXXXXXX"
        set type dynamic
        set interface "port2"
        set peertype any
        set net-device disable
        set proposal aes256-md5 3des-sha1 aes192-sha1
        set comments "VPN: VPN_XXXXXXX (Created by VPN wizard)"
        set dhgrp 2
        set wizard-type dialup-android
        set psksecret ENC
    next
end
config vpn ipsec phase2-interface
    edit "VPN_XXXXXXX"
        set phase1name "VPN_XXXXXXX"
        set proposal aes256-md5 3des-sha1 aes192-sha1
        set pfs disable
        set encapsulation transport-mode
        set l2tp enable
        set comments "VPN: VPN_XXXXXXX (Created by VPN wizard)"
        set keylifeseconds 3600
    next
end
config vpn l2tp
    set status enable
    set eip 192.168.4.10
    set sip 192.168.4.1
    set usrgrp "bodycam"
end
```
Thank you in advance for your support!
Hello,
Can you try following this article to use an external DHCP server for dial-up clients:
Thank you.
Hello @Kush_Patel, thank you for your support. However, if I enable mode-cfg on the IPsec, the native Android L2TP/IPSec PSK VPN stops working.
Copyright 2024 Fortinet, Inc. All Rights Reserved.