Help configuring client to site IKEv2 VPN on ER605 V2

This thread has been locked for further replies. You can start a new thread to share your ideas or ask questions.

Help configuring client to site IKEv2 VPN on ER605 V2

This thread has been locked for further replies. You can start a new thread to share your ideas or ask questions.
Help configuring client to site IKEv2 VPN on ER605 V2
Help configuring client to site IKEv2 VPN on ER605 V2
2022-10-24 11:43:06
Model: ER605 (TL-R605)  
Hardware Version: V2
Firmware Version: 2.0.1

I'm currently running an ER605 V2 (firmware 2.0.1) managed by software controller 5.5.6.  I've followed the documentation for setting up IKEv2 for Android and iOS but have been unsuccessful getting it to actually work.  My guess is that it's something wrong with the phase 1 and phase 2 proposals.  The documentation references setting up multiple proposal options which I assume only works in stand-alone mode.  Doing it through the Omada controller, it seems you can only set one proposal.  I've tried various combinations of SHA1 and SHA2, AES 128 and 256, and various DH groups.

 

Has anyone successfully gotten this working with iOS clients and if so, which proposals did you use?

  0      
  0      
#1
Options
4 Reply
Re:Help configuring client to site IKEv2 VPN on ER605 V2
2022-10-25 06:09:01

  @SingletrackMind 

iphone should work with SHA2-AES256.

 

But my suggestion is OpenVPN. Although it requires to install OpenVPN APP, it is still simpler than IKEv2, since you don't need to put in Server settings but just apply the config file.

 

 

  0  
  0  
#2
Options
Re:Help configuring client to site IKEv2 VPN on ER605 V2
2022-10-25 10:15:10

  @Somnus 

 

Perhaps I've not guessed the correct DH group (tried many) with SHA2-AES256 then.  Which have you confirmed to work?  I definitely agreed with OpenVPN being simpler.  It's been my "go to" for years now running from a Synology NAS.  I've configured it on the ER605 as well but at the moment, TP-Link doesn't allow it or I'm assuming any other of the VPN options to configure all traffic to go through the tunnel.  Nonetheless, there are performance limitations (of around 21Mb) on OpenVPN at least on the ER605 (per their tech support and documentation).  IKEv2 is the fastest option so I would like to get that work for when TP-Link enables all traffic tunneling.

  0  
  0  
#3
Options
Re:Help configuring client to site IKEv2 VPN on ER605 V2
2022-10-25 11:18:10

  @SingletrackMind 

 

SHA2 don't work in controller mode, only in stand alone.

Settings is there but even if you use SHA2 router use SHA1, More information in this post

 

https://community.tp-link.com/en/business/forum/topic/565868

  2  
  2  
#4
Options
Re:Help configuring client to site IKEv2 VPN on ER605 V2
2022-10-26 03:44:41
@shberge could be ture. We may need to wait next firmware for the router
  0  
  0  
#5
Options