ER605 v2 adds SHA2 encryption to the IPsec VPN function and supports IKEv2

This thread has been locked for further replies. You can start a new thread to share your ideas or ask questions.

ER605 v2 adds SHA2 encryption to the IPsec VPN function and supports IKEv2

This thread has been locked for further replies. You can start a new thread to share your ideas or ask questions.
ER605 v2 adds SHA2 encryption to the IPsec VPN function and supports IKEv2
ER605 v2 adds SHA2 encryption to the IPsec VPN function and supports IKEv2
2022-06-26 05:42:56 - last edited 2022-11-05 13:03:15
Tags: #VPN
Model: ER605 (TL-R605)  
Hardware Version: V2
Firmware Version:

@Fae or somebody from TP-Link

how to configure SHA2 encryption on ER605 v2 , and ER605 v1?

next firmware have come on ER605 v1 but I don't find SHA2 on it either.

 

 

  0      
  0      
#1
Options
23 Reply
Re:ER605 v2 adds SHA2 encryption to the IPsec VPN function and supports IKEv2
2022-06-27 02:15:32 - last edited 2022-11-05 13:03:15

Dear @shberge,

 

shberge wrote

how to configure SHA2 encryption on ER605 v2 , and ER605 v1?

next firmware have come on ER605 v1 but I don't find SHA2 on it either.

 

Omada Controller v5.4 will add SHA2 encryption. At present, SHA2 encryption is supported on ER605 V2 in Standalone mode.

 

 

The ER605 V1 1.2.1 firmware doesn't add SHA2 encryption, it will be supported in the subsequent firmware update, please check the final firmware release note for confirmation.

>> Omada EAP Firmware Trial Available Here << *Try filtering posts on each forum by Label of [Early Access]*
  0  
  0  
#2
Options
Re:ER605 v2 adds SHA2 encryption to the IPsec VPN function and supports IKEv2
2022-06-27 05:41:31

  @Fae 

 

OK, Thanks for information.

  0  
  0  
#3
Options
Re:ER605 v2 adds SHA2 encryption to the IPsec VPN function and supports IKEv2
2022-07-29 17:33:20

  @Fae 

 

i try sha2 here but it doesn't seem to work, vpn connects only with sha1, i can configure sha1 on one site and sha2 on another site it still works connect both sites with sha1,
controller is 5.4.6 on ubuntu firmware on ER605v2 is 2.0.2 Build 20220727 Rel.51535, but I have tried several versions on the router, none of them work with sha2

 

 

  0  
  0  
#4
Options
Re:ER605 v2 adds SHA2 encryption to the IPsec VPN function and supports IKEv2
2022-08-01 02:23:19 - last edited 2022-08-01 02:23:38

Dear @shberge,

 

shberge wrote

i try sha2 here but it doesn't seem to work, vpn connects only with sha1, i can configure sha1 on one site and sha2 on another site it still works connect both sites with sha1,
controller is 5.4.6 on ubuntu firmware on ER605v2 is 2.0.2 Build 20220727 Rel.51535, but I have tried several versions on the router, none of them work with sha2

 

Did you try SHA2 with two ER605 v2, Or one ER605 v1 + one ER605 v2?

 

Kind note that Omada Controller v5.4 has added the support of the SHA2 configuration, but it requires upgrading the ER605 to the adapted firmware to make SHA2 take effect. The current latest ER605 v1 firmware (1.2.1) doesn't support SHA2 yet.

>> Omada EAP Firmware Trial Available Here << *Try filtering posts on each forum by Label of [Early Access]*
  0  
  0  
#5
Options
Re:ER605 v2 adds SHA2 encryption to the IPsec VPN function and supports IKEv2
2022-08-01 06:09:26 - last edited 2022-08-01 06:23:06

  @Fae 

 

there are two ER605v2

but the stratrange thing is if I use SHA2 in one site and SHA1 in another site vpn still work. 

 

My settings

  0  
  0  
#6
Options
Re:ER605 v2 adds SHA2 encryption to the IPsec VPN function and supports IKEv2
2022-08-01 08:16:05 - last edited 2022-08-01 08:16:15

Dear @shberge,

 

shberge wrote

there are two ER605v2

but the stratrange thing is if I use SHA2 in one site and SHA1 in another site vpn still work. 

 

Thanks for confirming the information.

The issue has been reported to the support engineer for further investigation. Any update, will keep you informed.

>> Omada EAP Firmware Trial Available Here << *Try filtering posts on each forum by Label of [Early Access]*
  0  
  0  
#7
Options
Re:ER605 v2 adds SHA2 encryption to the IPsec VPN function and supports IKEv2
2022-08-19 20:18:56

Fae wrote

Dear @shberge,

 

shberge wrote

there are two ER605v2

but the stratrange thing is if I use SHA2 in one site and SHA1 in another site vpn still work. 

 

Thanks for confirming the information.

The issue has been reported to the support engineer for further investigation. Any update, will keep you informed.

  @Fae 

 

Is there any update on this?

 

  0  
  0  
#8
Options
Re:ER605 v2 adds SHA2 encryption to the IPsec VPN function and supports IKEv2
2022-08-22 02:53:11 - last edited 2022-08-22 03:06:40

Dear @shberge,

 

Sorry that I forgot to update this case. The issue has been addressed, it's due to that the current ER605 V2 2.0.1 firmware is still adapted to Controller 4.3.5, so SHA2 configuration on the Controller v5.4 doesn't take effect. The subsequent firmware update of the ER605 v2 will be adapted to the Controller v5.4.

>> Omada EAP Firmware Trial Available Here << *Try filtering posts on each forum by Label of [Early Access]*
  0  
  0  
#9
Options
Re:ER605 v2 adds SHA2 encryption to the IPsec VPN function and supports IKEv2
2022-11-03 15:11:51 - last edited 2022-11-03 15:52:10

  @Fae 

 

I upgraded the ER7206 today but SHA2 still doesn't work in controller mode, can you check what happened? all VPN tunnels connect with SHA1 even if I choose SHA2

and in standalone ony Phase-1 work, Phase-2 have to use SHA1 settings to work

I do testing aginst a Cisco ASA firewall

 

 

 

 

 

connection info on Cisco.

 

Phase-1                                                                             Phase-2

 

 

 

 

 

 

 

 

  0  
  0  
#10
Options
Re:ER605 v2 adds SHA2 encryption to the IPsec VPN function and supports IKEv2
2022-11-04 07:58:41

  @Fae 

 

I do a test with ER605v2 and this router connect to Cisco ASA with no issue with SHA2

 

  0  
  0  
#11
Options