IPSec VPN with PrivacyIDEA TOTP not working

Hi, i have a question regarding authentication PI 3.1.1 totp with IPsec VPN.
I working with fortigate firewall, i have configured SSL VPN with Microsoft Radius and PI 3.1.1 and totp working perfectly.
Unfortunately the IPSec VPN not working, when i sniff with wireshark i"m getting rejects
Is the IPsec VPN Dialup is supported by PI3.1.1 ?

Your information is to sparse.
You need to provide more info about your setup and RADIUS configuration, if s.o. should jump in here.

Hi cornelius,
I appreciate your help.
I"m testing IPsec VPN connection to my fortigate with TOTP tokens.
I configured everything same as SSL VPN authentications.
So i take user LAB2 and add to approciate Security Groups to authenticate againts radius and PI.

When i"m trying to establish connection
So i"m testing with lab2 user from forticlient 6.2.2.


Now go to my nps server to check if the authentication is pass through, and i"m see that i pass the NPS server:


So now i went to PI server, to check if i"m pass the authentication, and as expected, i see that 1 tokens matches.


After a minute when error received on forticlient, that says “my credentials is wrong” .
Then i went back to pi to see if was any failed logs.

And i see error log of wrong otp value


My policy in PI


Would you be able to answer it yourself?

privacyIDEA sees two authentication request.
Did you enter two OTP values?
Probably not.