ikhtiyor
New Contributor

fortigate vpn ipsec 2fa

Good morning!

I have problems connecting to the VPN with 2FA. I have an IPsec tunnel VPN. If I connect to the VPN with 2FA, it dies immediately and does not even allow me to enter a password. But if I turn off 2FA, everything works fine.
I used this:

config user local
    edit "epass"
       set type password
       set two-factor email
       set email-to "manny@infosecmonkey.org"
       set passwd SuperSecretPassword
    next
end

The mail server is:

config system email-server
    set server "notification.fortinet.net"
    set port 465
    set security smtps
end

and that's all

 

Sheikh
Staff

Hello @ikhtiyor 

Have you checked this technical document?

https://community.fortinet.com/t5/FortiGate/Technical-Tip-IPsec-Dialup-tunnel-using-IKEv2-with-Forti...

 

regards,

 

Sheikh

 

**If you come across a resolution, kindly show your appreciation by liking and accepting it, ensuring its accessibility for others**
ikhtiyor
New Contributor

Hello @Sheikh
Yes, I read that.

ikhtiyor
New Contributor

My VPN works if I turn off 2FA email.

Stilty
New Contributor

I'm running into almost this exact issue as well. Non-2FA accounts work fine, but the 2FA enabled ones ask for the password and then show as "connecting" for a long time on the client, never actually connecting. 

config vpn ipsec phase1-interface
    edit "IPsecVPN-Home"
        set type dynamic
        set interface "wan"
        set ike-version 2
        set peertype any
        set net-device disable
        set mode-cfg enable
        set ipv4-dns-server1 10.0.0.11
        set proposal aes256-sha256
        set comments "VPN: IPsecVPN-Home -- Created by VPN wizard"
        set eap enable
        set eap-identity send-request
        set wizard-type dialup-forticlient
        set authusrgrp "Firewall VPN Users"
        set transport udp
        set ipv4-start-ip 10.0.16.1
        set ipv4-end-ip 10.0.16.10
        set save-password enable
        set client-auto-negotiate enable
        set client-keep-alive enable
        set psksecret ENC BLAH
    next
end
config vpn ipsec phase2-interface
    edit "IPsecVPN-Home"
        set phase1name "IPsecVPN-Home"
        set proposal aes256-sha256
        set comments "VPN: IPsecVPN-Home -- Created by VPN wizard"
    next
end

 
