Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
New Contributor

IPsec VPN on iOS with Fortitoken authorize

Dear all technical expert,

Is it possible to use Fortitoken authorize on IPsec VPN connect under iOS device ?

I tried but not work, and just connected once removed the Fortitoken authorize.


Thank you. vshare

Speaking in general (not just about iOS):

If you're using IKEv1 with XAUTH, then any client should work, as long as its developer bothered to implement a way to prompt the user for input when mode-config XAUTH prompt (asking for a token in this case) arrives.


If we're talking IKEv2 with EAP, 2FA with FTK will be exclusively compatible with FortiClient, and no other client. There is (or was) no standard for it, so it is implemented in a custom way (3rd party clients not expected to understand it).


There is also one alternative approach you can try, which is appending the OTP code to the password, i.e. logging in like this:

username: jdoe
password: mypassword123456 ("123456" being the OTP code generated by FortiToken)


FortiGate and FortiAuthenticator support this for situations where the client may not be capable of providing a separate prompt for 2FA. Note that if you're using MSCHAPv2 or similar auth method, this will not work.

[ corrections always welcome ]

Select Forum Responses to become Knowledge Articles!

Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.

Top Kudoed Authors