Hi @Destor 

Thanks for posting in our business forum.

Destor wrote

  @PKD1 @Clive_A 
Hi guys,
Im having the same kind of scenario on my setup

ISP >> Router (pppoe to isp) [er605 v2] controlled by oc200

I have a succesful openvpn client to site acces to access my Lan & home servers from my pc, and know I'm trying to do so for my ios devices to acces my local cloud.

I followed this article aswell https://www.tp-link.com/en/support/faq/3447/ ,  and every time I try to connect via the vpn settings in Iphone (ios17) it just wont connect at all.

Thanks for any help 

 

I need to confirm again is your network double-NATed?

Do you specify the ID in the config like the guide?

This might be an encryption issue you can consider changing/adding some encryption in Phase 1. Adding them does not affect the connection, the more type you have, the more chance that it can make a successful negotiation.

Or you can Wireshark like the OP and I need some further details than this.

Hi @Destor 

Thanks for posting in our business forum.

Destor wrote

  @Clive_A 
Hi thanks for the reply and sorry for my late one.
**Disclaimer** I have an openvpn vpn server running on my router using user authentication - this is the method I connect with my computer remotely.
My network is as follows:

ISP --> wan into router (er605) -->(LAN) --> switch --> AP's

I dont have a second router/modem between my ISP and my omada router.

 

What other information can you provide for me? I am not able to judge this issue and if you need, I can simply do a test or upload the video for you to show that it actually works. Please share the screenshots of your config. Words description actually means nothing to me. I cannot verify if your words are truthful as the facts. Mosaic your sensitive information and give all the related screenshots.

Your WAN information is also needed. Mosaic some parts but I still need to read your IP and tell if it is a public one.

Hi @Destor 

Thanks for posting in our business forum.

Destor wrote

  @Clive_A 
Hi I'd love to share my info with you can we do it on a private chat?
I believe it's soley the encryption / propsal method in the settings.
 

Contact the technical support team for a private chat. I don't host a private conversation with the members of the forum.

Or share it publicly and mosaic the sensitive information.

Hi @Destor 

Thanks for posting in our business forum.

Destor wrote

  @Clive_A 

Hi,
I have ran extensive checks on the ipsec vpn both on IOS 17 & Android 1.

The matrix of creating a proposal method and encryption protocol that match each other and the security requirements in mobile OS for an ipsec vpn (ikev2) without user authentication or certificate auth is very complex and seems quite in applicable as any configuration that I've tried prompted that the security is not admissible (aka connection not secured).

Thus I shifted to create a l2tp vpn server with user + shared secret/key authentication which now works amazingly well.

I think that TPLINK should supply a chart that outlines the encryption + proposal encryption that are supported in newer OS versions for all mobile devices as phone companies are opting out of "lower grade" / "less secure" encryption protocols.

Please note that it the omada controller software only one proposal / encryption method is available to choose not like the config guide.

screen capture shows ipsec vpn: (firmware version for er605v2 (2.2.3) omada controller firmware (5.12.9))

 

About the third-party, it would be very convenient for you to search it with Google. We cannot list everything from every vendor.

https://developer.apple.com/documentation/devicemanagement/vpn/ikev2/ikesecurityassociationparameters

This information may not be possible to get from the support. As I found it in the developer docs.

One encryption method does not hurt anything. It'll try the available encryption methods.