|Resolved In:||Fireware v12.6.2/v12.5.5|
In some cases, the iked process maintains stale Mobile VPN IKEv2 RAS user sessions and prevents additional connections from those users.
With diagnostic logging enabled, log messages such as this appear in the debug logs (where mobile-user is the user name of the user who cannot connect):
May 29 10:41:28 2020 M400 local3.info iked: (x.x.x.x<->y.y.y.y)Delete IKEv2 Child SA under gateway WG IKEv2 MVPN, reason: Failed to create RAS user session for 'mobile-user' user. Error:RAS: user already logged in
The user account does not appear in the Firebox authentication list.