Configuring L2TP authentication protocols to use LDAP instead of RADIUS for iOS (iPad/iPhone/iPod t
03/26/2020 20 14940
DESCRIPTION: Configuring L2TP authentication protocols to use LDAP instead of RADIUS for iOS (iPad/iPhone/iPod touch) connections
iOS devices accept the first supported authentication protocol proposed by the server. The default preferred authentication protocol order in SonicOS (prior to 184.108.40.206 and 220.127.116.11) is CHAP, PAP, MS-CHAP, and then MS-CHAPv2. In 18.104.22.168 and 22.214.171.124 the order has been changed to MS-CHAPv2, CHAP, MS-CHAP, and then PAP. This combined with the iOS behavior of accepting the first supported authentication protocol will require RADIUS authentication because Active Directory does not support CHAP, MS-CHAP, or MS-CHAPv2. To force L2TP connections from iOS devices to use LDAP instead of RADIUS, follow the steps outlined below.
Log into the SonicWall security appliance using your admin credentials.
Navigate to VPN > L2TP Server. Click Configure.
Click on the PPP tab. Ensure that "PAP" is moved to the top of the list. Click OK.
Upgrades from previous firmware versions will retain the original ordering. The new ordering is set on new installations only. Authentication protocols can also be changed for use with RADIUS