Add more forms of Authentication for IKEv2 VPNs
Could we add more forms of authentication when using IKEv2 for VPNs. Currently only pre-shared keys are supported which is a huge draw back since windows builtin does not support pre-shared keys when setting up a VPN. Thats a HUGE market of computers that cannot use this feature and IKEv2 is much more secure and faster then any of the other options available. Please at least add username/password authentication.
- Copy Link
- Subscribe
- Bookmark
- Report Inappropriate Content
I concur to this request, I would like to connect to my local network (with a ER605v1 router) with a pc running windows, and using IKev2 protocol. I did not manage to do so, windows requesting username and password, that I can't define in the IKev2 vpn settings of my ER605v1 router. Thanks in advance.
- Copy Link
- Report Inappropriate Content
- Copy Link
- Report Inappropriate Content
I think you misunderstood. I'm not talking encryption. I'm talking authentication methods. Currently only pre-shared keys can be used. I would like Username/Password authentication to be added as a minimum so Windows Platforms can talk advantage of IKEv2. Certificate authentication would be nice as well.
- Copy Link
- Report Inappropriate Content
I concur to this request, I would like to connect to my local network (with a ER605v1 router) with a pc running windows, and using IKev2 protocol. I did not manage to do so, windows requesting username and password, that I can't define in the IKev2 vpn settings of my ER605v1 router. Thanks in advance.
- Copy Link
- Report Inappropriate Content
I've spent several hours in agony trying to find the best VPN solution for the ER605 (HW Version 2.3) router
and so far the fastest one seems to be IPSec which sadly only works for iPhone / Android because they support PSK authentication.
L2TP, OpenVPN and Wireguard are easy to setup but horribly slow.
and to make matters worse, i cant enable L2TP and IPsec simultaniously because the IPSec policy clashes.
It would be amazing to connect with Windows clients using MSChap/EAP with Username+Password against IPSec to get ~ 200mbit VPN
- Copy Link
- Report Inappropriate Content
I agree.
WireGuard has become my preferred VPN solution for most deployments, and it already covers many remote-access scenarios very well. However, I still see significant value in adding IKEv2 with EAP-MSCHAPv2 authentication to the ER605.
One of the biggest advantages would be native compatibility with the built-in Windows VPN client. In many environments, especially small businesses and managed deployments, being able to connect without installing additional software is a major benefit.
Beyond Windows compatibility, EAP-MSCHAPv2 would also provide per-user authentication, easier credential management, and better integration with existing authentication infrastructures such as RADIUS.
Even if WireGuard remains the preferred option for performance and simplicity, having standards-based IKEv2 EAP authentication available would make the ER605 and the Omada ecosystem more flexible and suitable for a wider range of deployment scenarios.
- Copy Link
- Report Inappropriate Content
Information
Helpful: 6
Views: 1266
Replies: 5
Voters 6
