Hi,
I am trying to setup L2TP/IPsec with RADIUS authentication.
I could connect to the server by using Windows native VPN client.
However, "Framed-IP-Address" defined in RADIUS was not assigned to the client,
the first usable IP address (10.10.10.2) between l2tp's "sip" and "eip" was assigned instead.
It seems possible with SSL-VPN, but not possible in L2TP/IPsec (using Windows native VPN client)?
Here is the relevant configuration.
config vpn ipsec phase1-interface
edit "L2tpoIPsec"
set type dynamic
set interface "wan"
set peertype any
set net-device disable
set proposal aes256-sha1 aes256-sha256
set comments "VPN: L2tpoIPsec (Created by VPN wizard)"
set dhgrp 2 14
set wizard-type dialup-windows
set psksecret "...."
next
end
config vpn ipsec phase2-interface
edit "L2tpoIPsec"
set phase1name "L2tpoIPsec"
set proposal aes256-md5 3des-sha1 aes192-sha1
set pfs disable
set encapsulation transport-mode
set l2tp enable
set comments "VPN: L2tpoIPsec (Created by VPN wizard)"
set keylifeseconds 3600
next
end
config vpn l2tp
set status enable
set eip 10.10.10.100
set sip 10.10.10.1
set usrgrp "a-radius-group"
end
- FortiGate 40-F
- Firmware: v7.0.11 build0489
