IKEv2/IPSec VPN server to connect Windows clients to the network.

This thread has been locked for further replies. You can start a new thread to share your ideas or ask questions.

2022-09-09 13:14:26
Model: OC300  
Hardware Version: V1
Firmware Version: 5.4.7

Hi,

 

I configured IKEv2/IPSec VPN server according to:

IKEv2/IPSec VPN server to connect Android 12 clients to the network. - Business Community (tp-link.com)

 

I can connect to VPN using android phone, but it fails on Windows 10.

 

Does anyone have configuration working with Windows 10?

Re:IKEv2/IPSec VPN server to connect Windows clients to the network.
2022-09-12 07:24:20
Just striving to develop myself while helping others.
Re:IKEv2/IPSec VPN server to connect Windows clients to the network.
2022-09-12 11:21:15

  @Virgo Hi, these manuals are for different VPN types. I want to use a Client-to-Site VPN with an IPSec server (so the stack will be IKEv2/IPSec). I have multiple subnetworks and only this type allows me to select which subnetwork a given client should have access to. For other VPN types I can define the list of networks only per server, not per client.
 

Re:IKEv2/IPSec VPN server to connect Windows clients to the network.
2022-09-12 16:32:26

  @mpjlech 

 

If you are behind NAT, you have to modify the registry to make the IPSec VPN work.

 

2 methods (1a or 1b):

Step 1a) Open the Registry Editor (regedit.exe) and go to the following registry key:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\PolicyAgent

 

Create a DWORD parameter with the name AssumeUDPEncapsulationContextOnSendRule and the value 2;

 

Note. Possible AssumeUDPEncapsulationContextOnSendRule values are:
  • 0 – (a default value) suggests that the server is connected to the Internet without NAT;
  • 1 – the VPN server is behind a NAT device;
  • 2 – both VPN server and client are behind a NAT.

 

 

Step 1b) Open PowerShell:

 

Set-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Services\PolicyAgent" -Name "AssumeUDPEncapsulationContextOnSendRule" -Type DWORD -Value 2 -Force;

 

Step 2)

Restart computer.
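
An added example, not part of the post above: the same registry change made idempotently, with the previous state recorded so it can be reverted if it does not help. The helper names Get-NatTRule, Set-NatTRule and Undo-NatTRule are hypothetical, and the script assumes an elevated PowerShell session.

```powershell
# Added example (not from the thread). Run from an elevated PowerShell prompt.
$Key  = 'HKLM:\SYSTEM\CurrentControlSet\Services\PolicyAgent'
$Name = 'AssumeUDPEncapsulationContextOnSendRule'

function Get-NatTRule {
    # Returns the current DWORD, or $null when the value has never been created.
    $item = Get-ItemProperty -Path $Key -Name $Name -ErrorAction SilentlyContinue
    if ($null -ne $item) { $item.$Name } else { $null }
}

function Set-NatTRule {
    param([Parameter(Mandatory)][ValidateSet(0, 1, 2)][int]$Value)
    $before = Get-NatTRule
    if ($before -eq $Value) {
        # Already set: write nothing, so no restart is needed.
        return [pscustomobject]@{ Before = $before; After = $before; Changed = $false }
    }
    # -Force overwrites an existing value and creates it when it is missing.
    New-ItemProperty -Path $Key -Name $Name -PropertyType DWord -Value $Value -Force | Out-Null
    # Read the value back rather than trusting the write.
    [pscustomobject]@{ Before = $before; After = (Get-NatTRule); Changed = $true }
}

function Undo-NatTRule {
    # Pass the Before field returned by Set-NatTRule to restore the prior state.
    param($Before)
    if ($null -eq $Before) {
        # The value did not exist before the change, so delete it again.
        Remove-ItemProperty -Path $Key -Name $Name -ErrorAction SilentlyContinue
    } else {
        Set-NatTRule -Value $Before | Out-Null
    }
}

$result = Set-NatTRule -Value 2
$result | Format-List
if ($result.Changed) {
    Write-Host 'Value changed. Restart the computer (Step 2) before testing the VPN.'
}
# To revert later: Undo-NatTRule -Before $result.Before
```

Keep the Before value from the output somewhere outside the session, since the restart in Step 2 discards $result.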

Re:IKEv2/IPSec VPN server to connect Windows clients to the network.
2022-09-22 09:33:39
Hey, the server is not behind NAT. It is normally configured on Omada. The problem I have is that I have 3 networks:
- group 1
- group 2
- group 3
When I create a VPN server I can define which of these groups the client should have access to. So to create a VPN for each of the groups, I need to deploy 3 servers. It is not possible with any kind of server except IKEv2/IPsec.