Re: IPSEC vpn with certificate auth on forticlient
The reason I ask is because the tunnel will not even try to connect if you have two Diffie-Hellman groups in the FortiClient configuration, since the tunnel will not even build if the FortiClient profile is propagated from EMS. The client act as if it is trying to connect, but it is not.
I have dozens of certificate authenticating clients right now that are working with both xauth and MFA right now.
I hope this helps.