iPhone L2TP VPN not connecting after Duo Push

I use a Watchguard Firebox M200 connecting to the DUO proxy via RADIUS(on a non-standard port 1821) which sits on an existing RADIUS server.

When non-2FA users try to connect to the VPN, it works fine, connecting the users without the 2FA Duo Push prompt.

When I try with a 2FA user, I get the Duo Push prompt, which I tick, Duo authorizes as expected, but it does not connect to the VPN. Instead, I get an error message on the iPhone saying “A connection could not be established to the PPP server…”

If I remove Duo from the equation(ie set my Firebox to use a different Windows RADIUS server), my admin user connects just fine. ie. the VPN config appears to be fine.

Am I missing something with regards to my Windows RADIUS config?

Here’s my authproxy cfg;

host= <–this is the Windows RADIUS server which also has the Duoproxy installed

; SERVERS: Include one or more of the following configuration sections.
; To configure more than one server configuration of the same type, append a
; number to the section name (e.g. radius_server_auto1, radius_server_auto2)

radius_ip_1= <— this is the Watchguard Firebox which is setup to connect to the Duoproxy RADIUS server on port 1821

Hey Robert, please contact Duo Support for help with your issue.