I have an IPsec L2TP VPN configured on Fortigate FG-60F at our office.
When a VPN client connects from their home PC using Windows built-in VPN
client, then their home public IP (let's use 10.20.30.40 as an example)
becomes totally inaccessible from ...
In the odd case that people from Fortinet read this forum, here are a few
serious shortcomings in the user interface I stumbled upon as a new user
of FortiGate 60F with previous experience in Linux iptables, Cisco ISR,
Cisco ASA, Vyatta, and pfSense. ...
If anyone else comes looking for a solution to this problem, the
solution is as follows: Do not use route-based VPN but instead use
policy-based VPN configuration. That means you should not create VPN
tunnel using: config vpn ipsec phase1-interface c...
Ken, The problem is not with the VPN client and its own routing, but with
the Fortigate L2TP VPN server. I have attached a diagram, real IP
addresses have been replaced with examples. 1. Home server has a service
port-forwarded to home public IP 1.1.1...
emnoc wrote: Not a bug it's just how a L2TP vpn works. Hi Ken and thanks
for responding. I don't agree that this is how L2TP works because I used
numerous other implementations and they didn't have such limitations.
Please also see the update I posted...
By checking IKE logs I have discovered that NATOA-i reported by the
client (local LAN address) gets replaced not by L2TP assigned remote
client IP address but with client's public IP address. This means that
not only is client's public IP inaccessilb...