How to enable DHCP for dialup IPSec VPN?
I feel like I've checked every guide, but I'm not having success. I'm trying to have DHCP via the tunnel interface so I can assign a static IP to a user. Users are connecting via the native iOS client on iPhone/iPad. When I have phase1 give out the IP, it works fine; I just can't find a way to reserve them. Any insight would be great!
config system interface
    edit "MobileVPN"
        set vdom "root"
        set ip 192.168.50.1 255.255.255.255
        set allowaccess ping
        set type tunnel
        set remote-ip 192.168.50.1 255.255.255.255
        set snmp-index 25
        set interface "wan1"
    next
end
config system dhcp server
    edit 4
        set dns-service default
        set ntp-service default
        set default-gateway 192.168.50.1
        set netmask 255.255.255.240
        set interface "MobileVPN"
        config ip-range
            edit 1
                set start-ip 192.168.50.2
                set end-ip 192.168.50.15
            next
        end
        set server-type ipsec
    next
end
config vpn ipsec phase1-interface
    edit "MobileVPN"
        set type dynamic
        set interface "wan1"
        set keylife 28800
        set peertype any
        set net-device enable
        set proposal aes256-md5 aes256-sha1
        set dpd on-idle
        set dhgrp 2
        set xauthtype auto
        set authusrgrp "VPN_Users"
        set psksecret ENC <REDACTED>
        set distance 1
        set dpd-retryinterval 60
    next
end
config vpn ipsec phase2-interface
    edit "MobileVPN_P2"
        set phase1name "MobileVPN"
        set proposal aes256-md5 aes256-sha1
        set pfs disable
        set keepalive enable
        set dhcp-ipsec enable
        set keylifeseconds 1800
    next
end
Did you check this one?
No luck. I'm not using FortiClient either.
Please refer to this article to assign an IP address for dialup VPN from DHCP: https://community.fortinet.com/t5/FortiGate/Technical-Tip-DHCP-IP-address-reservation-with-Dial-up-I...
That's the link the other user posted. No luck, as I'm not using FortiClient. The instructions say: "To configure DHCP server on the IPSEC client interface."
I posted my config above; is there something missing? I feel like it is configured correctly.
I did a debug, and it keeps hanging on:
vd-root:0 received a packet(proto=17, <source IP>:10126-><wan IP>4500) tun_id=0.0.0.0 from wan1.
Find an existing session, id-0045ad67, original direction