Hot!L2TP/IPSEC trouble with concurrent sessions

Author
antooo
New Member
  • Total Posts : 4
  • Scores: 0
  • Reward points: 0
  • Joined: 2017/10/13 01:26:38
  • Status: offline
2017/10/16 01:57:18 (permalink) 5.6
0

L2TP/IPSEC trouble with concurrent sessions

Hello! I have two Fortigate-100D OS 5.6 working in cluster and configured with enabled VDOMs.
Users created in Radius and Fortigate successfully auth it, L2TP/IPSEC working fine.
I need to limit one sessions per user. For example user can connect to VPN from account on smartphone and on PC, but our purpoise to do only 1 active connection per user, that belong to Radius usergroup. Is option on fortigate to do it?
 
Also I try to use options, that allow users can connect to VPN from same external IP. Users from remote office with NAT (with same external IP) need to connect our VPN. I set up for my Radius-vpn group auth-concurrent-override enable and limit it to 50 sessions - set auth-concurrent-value 50, but it does not work. When first user connected to VPN, second user after succsessfull connection knocks out established first user. Why?

config vdom
edit vdomvpnname
config user group

    edit "RADIUS_GROUP_VPN_USERS"
        set auth-concurrent-override enable
        set auth-concurrent-value 50
        set member "Radius_server"
    next
end

Also I show my global config, this I also add rule set policy-auth-concurrent 50 - but it also no effect:
 

config system global
    set admintimeout 20
    set disk-usage log
    set hostname "fortigatecluster1"
    set policy-auth-concurrent 50
    set switch-controller enable
    set timezone 83
    set vdom-admin enable
end

Thank you for help.
post edited by antooo - 2017/10/17 00:24:38
#1

4 Replies Related Threads

    antooo
    New Member
    • Total Posts : 4
    • Scores: 0
    • Reward points: 0
    • Joined: 2017/10/13 01:26:38
    • Status: offline
    Re: L2TP/IPSEC trouble with concurrent sessions 2017/10/18 07:59:58 (permalink)
    0
    Colleagues, does someone have solutions to the problem?
    #2
    antooo
    New Member
    • Total Posts : 4
    • Scores: 0
    • Reward points: 0
    • Joined: 2017/10/13 01:26:38
    • Status: offline
    Re: L2TP/IPSEC trouble with concurrent sessions 2017/10/25 01:55:50 (permalink)
    0
    The question is still relevant, please help.
    #3
    packsys
    New Member
    • Total Posts : 1
    • Scores: 0
    • Reward points: 0
    • Joined: 2018/09/13 01:18:37
    • Status: offline
    Re: L2TP/IPSEC trouble with concurrent sessions 2018/09/13 01:20:18 (permalink)
    0
    Hello,
     
    I have the same problem, people disconnect other people when connecting, seem to have a max connection somewhere...
    here, my max seems to be 4 people... so very low number and it is blocking
    any help ?
     
    #4
    emnoc
    Expert Member
    • Total Posts : 5979
    • Scores: 402
    • Reward points: 0
    • Joined: 2008/03/20 13:30:33
    • Location: AUSTIN TX AREA
    • Status: offline
    Re: L2TP/IPSEC trouble with concurrent sessions 2021/02/22 11:54:20 (permalink)
    0
    If your user group, I would check for concurrent user values
     
     
    config user group
    edit "dialup"
    set auth-concurrent-override enable
    set auth-concurrent-value 10
    set member local1 local2 grp101
    next
    end
     
     
    Ken Felix

    PCNSE 
    NSE 
    StrongSwan  
    #5
    Jump to:
    © 2021 APG vNext Commercial Version 5.5