Hi,
I am trying to set up L2TP/IPsec with RADIUS authentication.
I could connect to the server by using the Windows native VPN client.
However, the "Framed-IP-Address" defined in RADIUS was not assigned to the client;
the first usable IP address (10.10.10.2) between l2tp's "sip" and "eip" was assigned instead.
It seems possible with SSL-VPN, but not possible in L2TP/IPsec (using Windows native VPN client)?
Here is the relevant configuration.
config vpn ipsec phase1-interface
    edit "L2tpoIPsec"
        set type dynamic
        set interface "wan"
        set peertype any
        set net-device disable
        set proposal aes256-sha1 aes256-sha256
        set comments "VPN: L2tpoIPsec (Created by VPN wizard)"
        set dhgrp 2 14
        set wizard-type dialup-windows
        set psksecret "...."
    next
end
config vpn ipsec phase2-interface
    edit "L2tpoIPsec"
        set phase1name "L2tpoIPsec"
        set proposal aes256-md5 3des-sha1 aes192-sha1
        set pfs disable
        set encapsulation transport-mode
        set l2tp enable
        set comments "VPN: L2tpoIPsec (Created by VPN wizard)"
        set keylifeseconds 3600
    next
end
config vpn l2tp
    set status enable
    set eip 10.10.10.100
    set sip 10.10.10.1
    set usrgrp "a-radius-group"
end
Hi,
With the current design of FortiOS, L2TP dialup VPN is able to assign IP addresses only from the configured IP address range.
Ahmad
Thank you for the clarification.
Copyright 2024 Fortinet, Inc. All Rights Reserved.