L2TP/IPSEC trouble with concurrent sessions
Hello! I have two Fortigate-100D units (OS 5.6) working in a cluster and configured with VDOMs enabled.
Users are created in Radius and the Fortigate successfully authenticates them; L2TP/IPSEC is working fine.
I need to limit each user to one session. For example, a user can connect to the VPN from the same account on a smartphone and on a PC, but our purpose is to allow only 1 active connection per user belonging to the Radius user group. Is there an option on the Fortigate to do this?
I am also trying to use options that allow users to connect to the VPN from the same external IP. Users from a remote office behind NAT (with the same external IP) need to connect to our VPN. For my Radius-vpn group I set auth-concurrent-override enable and limited it to 50 sessions (set auth-concurrent-value 50), but it does not work. When the first user is connected to the VPN, a second user, after a successful connection, knocks out the established first user. Why?
config vdom
edit vdomvpnname
config user group
edit "RADIUS_GROUP_VPN_USERS"
set auth-concurrent-override enable
set auth-concurrent-value 50
set member "Radius_server"
next
end
Here is also my global config; I also added the rule set policy-auth-concurrent 50 there, but it also has no effect:
config system global
set admintimeout 20
set disk-usage log
set hostname "fortigatecluster1"
set policy-auth-concurrent 50
set switch-controller enable
set timezone 83
set vdom-admin enable
end
Thank you for your help.
Labels: 5.6
Colleagues, does someone have solutions to the problem?
The question is still relevant, please help.
Hello,
I have the same problem: people disconnect other people when connecting; there seems to be a max connection somewhere...
Here, my max seems to be 4 people... so a very low number, and it is blocking.
Any help?
In your user group, I would check for concurrent user values:
config user group
edit "dialup"
set auth-concurrent-override enable
set auth-concurrent-value 10
set member local1 local2 grp101
next
end
Ken Felix
PCNSE
NSE
StrongSwan
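
Added example, not part of any post in this thread and not Fortinet code: a small Python audit that parses config/edit/set output like the snippets above and reports which concurrent-login limit applies to each user group. It assumes that a group with auth-concurrent-override enable uses its own auth-concurrent-value, that every other group falls back to the global policy-auth-concurrent, and that 0 means no limit; the group name NO_OVERRIDE is constructed.

```python
import shlex

def parse_fortios(text):
    """Parse FortiOS config/edit/set/next/end lines into nested dicts."""
    stack = [{}]
    for raw in text.splitlines():
        tok = shlex.split(raw)
        if not tok:
            continue
        cmd, args = tok[0], tok[1:]
        if cmd in ("config", "edit"):
            stack.append(stack[-1].setdefault(" ".join(args), {}))
        elif cmd == "set" and args:
            stack[-1][args[0]] = args[1] if len(args) == 2 else args[1:]
        elif cmd in ("next", "end") and len(stack) > 1:
            stack.pop()  # a fragment missing its final "end" is tolerated
    return stack[0]

def find_groups(node):
    """Collect every 'config user group' table, including ones inside VDOMs."""
    groups = {}
    for key, val in node.items():
        if isinstance(val, dict):
            groups.update(val if key == "user group" else find_groups(val))
    return groups

def effective_limits(global_text, group_text):
    """Map group name -> concurrent-login limit in force (assumed: 0 = no limit)."""
    glob = parse_fortios(global_text).get("system global", {})
    default = int(glob.get("policy-auth-concurrent", 0))
    limits = {}
    for name, grp in find_groups(parse_fortios(group_text)).items():
        override = grp.get("auth-concurrent-override") == "enable"
        limits[name] = int(grp.get("auth-concurrent-value", 0)) if override else default
    return limits

# Settings quoted from the thread; the NO_OVERRIDE group is constructed.
GLOBAL = "config system global\nset policy-auth-concurrent 50\nend"
GROUPS = """config vdom
edit vdomvpnname
config user group
edit "RADIUS_GROUP_VPN_USERS"
set auth-concurrent-override enable
set auth-concurrent-value 50
next
edit "NO_OVERRIDE"
set member "Radius_server"
next
end"""
print(effective_limits(GLOBAL, GROUPS))
```

Running it against a saved copy of the real configuration shows, per VDOM group, whether the limit in force comes from the group override or from the global setting.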