With a somewhat fundamental documentation failure, it looks like FortiGate PPTP VPN do not support CHAP/MSCHAPv2 when you are authenticating your user groups via LDAP. According to Fortinet - this is something they're aware of and works using PAP. When I spoke with them this morning, I advised this is unacceptable as a workaround because it disables encryption! I'll update this when I get a real solution.
Update: Official answer, it's not supported. http://kb.fortinet.com/kb/microsites/search.do?cmd=displayKC&docType=kc&externalId=10718&sliceId=1&docTypeID=DT_KCARTICLE_1_1&dialogID=51071690&stateId=0%200%2051073253 . I guess the solution is to use FortiClient (or Check Point...)
Thanks!
ReplyDelete