Hi @ceejaybassist 

ceejaybassist wrote

  @Clive_A Should I set the IP Pool to a non-existing subnet or to an existing subnet?

It does not matter AFAICS.

Hi @yorkman 

Thanks for posting in our business forum.

yorkman wrote

  @Clive_A 

 

I'm using the ER605 with Omada Controller (v5.13.23) and followed this guide for both iOS and Android settings. I have a vpn connection setup for L2TP and that works fine when connecting from my iOS phone.

 

With IKEv2 however on iOS phone and Android tablet, I can't connect to the vpn server regardless of the Local/Remote ID's suggested on this site. And I've tried DH2 and DH14.

 

Any ideas?

1. Is the IPsec on your iPhone Cisco IPsec? If it is Cisco IPsec, there might be a compatibility issue.

2. Android has been tested and working by myself several times. You should check if your IP is public or not. Read the notes. It is very important to bypass the double-NAT if that's your case.

Hi @yorkman 

Thanks for posting in our business forum.

yorkman wrote

  @Clive_A 

 

Thanks for your response.

 

My Android tablet doesn't have the option of connecting to the internet via sim card so I have to hotspot through my iPhone. I'm guessing the connection gets lost there. I was also hoping maybe I could connect to Omada's L2TP vpn from my iPhone (since that works fine) and that'd give me LAN access on my android trablet once I connect via hotspot but it doesn't work.

 

As an alternative though, I'd like to get ipsec/ikev2 vpn working on the Omada controller with my iPhone 12 at least but that won't work either. Omada does have a WAN public ip that it gets from my ISP. I tried NAT'ing ports 500 & 4500 UDP but that didn't make a difference. I'd like to get the iPhone to connect using ipsec/ikev2 as then I could concentrate on getting the android tablet to connect to the same vpn because I can't have both L2TP and IKEv2 on Omada. Why? Because once the L2TP vpn is created & configured it won't let me create the IKEv2 vpn due to an error "This IPSEC VPN policy has the same IP addresses settings for peer routers on the VPN tunnel as the existing one, the Phase-1 settings should be the same." So again, that is why I'd prefer to get IPSEC vpn working on Omada since both the iPhone & Android devices can connect to it.

 

On my iPhone, am I supposed to use Cisco IPSEC or IKEv2 for VPN Type if Omada's configured for IKEv2? I tried both anyway but still it won't connect to the vpn on Omada.

You can start a new thread on your problem.

Please make sure you upload the screenshots for the verification on your settings. Since you mentioned double-NAT, I require a WAN screenshot.

Please mosaic your sensitive information. Here is a list of information considered sensitive:

1. Public IP address on your WAN if your WAN is.

2. Real MAC address of your device.

3. Your personal information including address, domain name, and credentials.

For troubleshooting purposes, when a WAN IP is needed, please leave some values visible for identification.