VPN IPSEC IKEv2 on er605 v2
VPN IPSEC IKEv2 on er605 v2
I'm trying to configure an ipsec ikev2 VPN on my er605, but I'm having great difficulties in configuring it
I state that the pptp and openvpn configurations work correctly
but I need additional ipsec/ikev2 access
I followed the guide described here https://www.tp-link.com/it/support/faq/3447/
but the connection negotiation doesn't even start, I would like to understand where I'm going wrong
- Copy Link
- Subscribe
- Bookmark
- Report Inappropriate Content
@Clive_A the result is the same, nothing changes
- Copy Link
- Report Inappropriate Content
Hi @PKD1
Thanks for posting in our business forum.
PKD1 wrote
@Clive_A the result is the same, nothing changes
OK. Just got a confirmation that the Local ID type cannot be matched due to Android does not support the Remote ID type. When you put the ER605 behind the NAT, the Local ID type would be the IP address and this cannot be modified. This will make the authentication fail.
iOS supports changing Remote ID type and it does not happen to Apple products.
Temporary fix now: change it to bridge mode on your modem router. Don't DMZ or put the ER605 behind the NAT.
- Copy Link
- Report Inappropriate Content
@PKD1 @Clive_A
Hi guys,
Im having the same kind of scenario on my setup
ISP >> Router (pppoe to isp) [er605 v2] controlled by oc200
I have a succesful openvpn client to site acces to access my Lan & home servers from my pc, and know I'm trying to do so for my ios devices to acces my local cloud.
I followed this article aswell https://www.tp-link.com/en/support/faq/3447/ , and every time I try to connect via the vpn settings in Iphone (ios17) it just wont connect at all.
Thanks for any help
- Copy Link
- Report Inappropriate Content
Hi @Destor
Thanks for posting in our business forum.
Destor wrote
@PKD1 @Clive_A
Hi guys,
Im having the same kind of scenario on my setup
ISP >> Router (pppoe to isp) [er605 v2] controlled by oc200
I have a succesful openvpn client to site acces to access my Lan & home servers from my pc, and know I'm trying to do so for my ios devices to acces my local cloud.
I followed this article aswell https://www.tp-link.com/en/support/faq/3447/ , and every time I try to connect via the vpn settings in Iphone (ios17) it just wont connect at all.
Thanks for any help
I need to confirm again is your network double-NATed?
Do you specify the ID in the config like the guide?
This might be an encryption issue you can consider changing/adding some encryption in Phase 1. Adding them does not affect the connection, the more type you have, the more chance that it can make a successful negotiation.
Or you can Wireshark like the OP and I need some further details than this.
- Copy Link
- Report Inappropriate Content
@Clive_A
Hi thanks for the reply and sorry for my late one.
**Disclaimer** I have an openvpn vpn server running on my router using user authentication - this is the method I connect with my computer remotely.
My network is as follows:
ISP --> wan into router (er605) -->(LAN) --> switch --> AP's
I dont have a second router/modem between my ISP and my omada router.
- Copy Link
- Report Inappropriate Content
Hi @Destor
Thanks for posting in our business forum.
Destor wrote
@Clive_A
Hi thanks for the reply and sorry for my late one.
**Disclaimer** I have an openvpn vpn server running on my router using user authentication - this is the method I connect with my computer remotely.
My network is as follows:
ISP --> wan into router (er605) -->(LAN) --> switch --> AP's
I dont have a second router/modem between my ISP and my omada router.
What other information can you provide for me? I am not able to judge this issue and if you need, I can simply do a test or upload the video for you to show that it actually works. Please share the screenshots of your config. Words description actually means nothing to me. I cannot verify if your words are truthful as the facts. Mosaic your sensitive information and give all the related screenshots.
Your WAN information is also needed. Mosaic some parts but I still need to read your IP and tell if it is a public one.
- Copy Link
- Report Inappropriate Content
@Clive_A
Hi I'd love to share my info with you can we do it on a private chat?
I believe it's soley the encryption / propsal method in the settings.
- Copy Link
- Report Inappropriate Content
Hi @Destor
Thanks for posting in our business forum.
Destor wrote
@Clive_A
Hi I'd love to share my info with you can we do it on a private chat?
I believe it's soley the encryption / propsal method in the settings.
Contact the technical support team for a private chat. I don't host a private conversation with the members of the forum.
Or share it publicly and mosaic the sensitive information.
- Copy Link
- Report Inappropriate Content
Hi,
I have ran extensive checks on the ipsec vpn both on IOS 17 & Android 1.
The matrix of creating a proposal method and encryption protocol that match each other and the security requirements in mobile OS for an ipsec vpn (ikev2) without user authentication or certificate auth is very complex and seems quite in applicable as any configuration that I've tried prompted that the security is not admissible (aka connection not secured).
Thus I shifted to create a l2tp vpn server with user + shared secret/key authentication which now works amazingly well.
I think that TPLINK should supply a chart that outlines the encryption + proposal encryption that are supported in newer OS versions for all mobile devices as phone companies are opting out of "lower grade" / "less secure" encryption protocols.
Please note that it the omada controller software only one proposal / encryption method is available to choose not like the config guide.
screen capture shows ipsec vpn: (firmware version for er605v2 (2.2.3) omada controller firmware (5.12.9))
- Copy Link
- Report Inappropriate Content
Hi @Destor
Thanks for posting in our business forum.
Destor wrote
Hi,
I have ran extensive checks on the ipsec vpn both on IOS 17 & Android 1.
The matrix of creating a proposal method and encryption protocol that match each other and the security requirements in mobile OS for an ipsec vpn (ikev2) without user authentication or certificate auth is very complex and seems quite in applicable as any configuration that I've tried prompted that the security is not admissible (aka connection not secured).
Thus I shifted to create a l2tp vpn server with user + shared secret/key authentication which now works amazingly well.
I think that TPLINK should supply a chart that outlines the encryption + proposal encryption that are supported in newer OS versions for all mobile devices as phone companies are opting out of "lower grade" / "less secure" encryption protocols.
Please note that it the omada controller software only one proposal / encryption method is available to choose not like the config guide.
screen capture shows ipsec vpn: (firmware version for er605v2 (2.2.3) omada controller firmware (5.12.9))
About the third-party, it would be very convenient for you to search it with Google. We cannot list everything from every vendor.
https://developer.apple.com/documentation/devicemanagement/vpn/ikev2/ikesecurityassociationparameters
This information may not be possible to get from the support. As I found it in the developer docs.
One encryption method does not hurt anything. It'll try the available encryption methods.
- Copy Link
- Report Inappropriate Content
Information
Helpful: 0
Views: 2269
Replies: 20
Voters 0
No one has voted for it yet.