iPhone L2TP VPN not connecting after Duo Push

I use a WatchGuard Firebox M200 connecting to the Duo proxy via RADIUS (on a non-standard port, 1821), which sits on an existing RADIUS server.

When non-2FA users try to connect to the VPN, it works fine, connecting the users without the 2FA Duo Push prompt.

When I try with a 2FA user, I get the Duo Push prompt, which I tick, Duo authorizes as expected, but it does not connect to the VPN. Instead, I get an error message on the iPhone saying “A connection could not be established to the PPP server…”

If I remove Duo from the equation (i.e. set my Firebox to use a different Windows RADIUS server), my admin user connects just fine, i.e. the VPN config appears to be fine.

Am I missing something with regards to my Windows RADIUS config?

Here’s my authproxy cfg:

[radius_client]
host=192.168.10.31 <-- this is the Windows RADIUS server, which also has the Duo proxy installed
secret=**********
pass_through_all=true

; SERVERS: Include one or more of the following configuration sections.
; To configure more than one server configuration of the same type, append a
; number to the section name (e.g. radius_server_auto1, radius_server_auto2)

[radius_server_auto]
ikey=*********
skey=**********
■■■■
radius_ip_1=192.168.10.1 <-- this is the WatchGuard Firebox, which is set up to connect to the Duo proxy RADIUS server on port 1821
radius_secret_1=*******
failmode=safe
client=radius_client
port=1821
failmode=safe
pass_through_all=true

Hey Robert, please contact Duo Support for help with your issue.