I feel like I've checked every guide, but not having success. I'm trying to have DHCP via tunnel interface so I can assign a static IP to a user. Users are connecting via native iOS client on iPhone/iPad. When I have phase1 give out the IP, it works fine, I just can't find a way to reserve them. Any insight would be great!
config system interface
edit "MobileVPN"
set vdom "root"
set ip 192.168.50.1 255.255.255.255
set allowaccess ping
set type tunnel
set remote-ip 192.168.50.1 255.255.255.255
set snmp-index 25
set interface "wan1"
next
end
config system dhcp server
edit 4
set dns-service default
set ntp-service default
set default-gateway 192.168.50.1
set netmask 255.255.255.240
set interface "MobileVPN"
config ip-range
edit 1
set start-ip 192.168.50.2
set end-ip 192.168.50.15
next
end
set server-type ipsec
next
end
config vpn ipsec phase1-interface
edit "MobileVPN"
set type dynamic
set interface "wan1"
set keylife 28800
set peertype any
set net-device enable
set proposal aes256-md5 aes256-sha1
set dpd on-idle
set dhgrp 2
set xauthtype auto
set authusrgrp "VPN_Users"
set psksecret ENC <REDACTED>
set distance 1
set dpd-retryinterval 60
next
end
config vpn ipsec phase2-interface
edit "MobileVPN_P2"
set phase1name "MobileVPN"
set proposal aes256-md5 aes256-sha1
set pfs disable
set keepalive enable
set dhcp-ipsec enable
set keylifeseconds 1800
next
end
Nominating a forum post submits a request to create a new Knowledge Article based on the forum post topic. Please ensure your nomination includes a solution within the reply.
Did you check this one?
No luck. I'm not using the forti client either.
Please refer to this article to assign an IP address for dialup VPN from DHCP:- https://community.fortinet.com/t5/FortiGate/Technical-Tip-DHCP-IP-address-reservation-with-Dial-up-I...
That's the link the other user posted. No luck, as I'm not using a Forticlient. The instructions say
To configure DHCP server on the IPSEC client interface.
I posted my config above, is there something missing? I feel like it is configured correctly.
I did a debug it keeps hanging on:
vd-root:0 received a packet(proto=17, <source IP>:10126-><wan IP>4500) tun_id=0.0.0.0 from wan1.
Find an existing session, id-0045ad67, original direction
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1705 | |
1093 | |
752 | |
446 | |
230 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.