DUO secondary auth and Citrix Native VPN client

I can log into the Citrix Gateway Web interface and it will Auth against AD as primary and then Duo and secondary with the push. Everything works fine, I can even select full VPN access with the client and it will load client and connect.

If i try to launch the VPN connection directly from the client it fails. Even if I supply the DUO number in the secondary Auth box it still fails. Any ideas?

Version 12.0

Edition: Standard