About er605 and IPSecA VPN for android
Hi guys,
I tried using the settings stated here
How to connect to Omada Router using IKEv2 VPN of Android/iOS | TP-Link
My current lan is 192.168.0.
Remote host is 0.0.0.0
Local subnet is 192.168.0
The ip pool is 192.168.50
But it didn't work, it says my remote gateway (0.0.0.0) has to be different than my IP Pool in Phase 1. If i remembered correctly, 0.0.0.0 is the code to accept any address from the internet, thus making any address I'm putting in my IP Pool to be in such state no matter what.
Anything I'm missing?
You know what, if you have done this and it works, can you just share me your settings?
I would appreciate it.
Thank you for your help.
- Copy Link
- Subscribe
- Bookmark
- Report Inappropriate Content
Hi, I've tried to reproduce your scenario and I think that it could be your misconfiguration, you should tightly follow that configuration guide on the official website. Here is my configuration and I successfully set up the VPN tunnel, you can check it as reference. Just set the IP pool as 10.1.1.1/24 and try again~
- Copy Link
- Report Inappropriate Content
Thx for the reply...
I can't seem to save it because this keeps on popping out.
do you have any idea why?
- Copy Link
- Report Inappropriate Content
Hi, this is just easy to deal with. You are receiving this notice because the IKE encryption protocol you set for both ends are different, here you can see in the picture below, when setting IPsec VPN on the router, you will have to set encryption proposals for phase1 and phase2, here in phase 1, there are 4 proposals, to use the VPN properly, on the other end, the encryption method must match one of the proposals. But it seems that you cannnot change the proposal yourself on the Android phone, so you can search on the Internet for the proposal of your phone, I think it should be the same within the same brand of phone. Only when the encryption method are the same on both ends, the tunnel can be established, it's like you locked the door on the router, and you wanna unlock it on the phone, so you must use exactly the same key on both sides ottherwise you won't be able to unlock the same door.
- Copy Link
- Report Inappropriate Content
Wow, you are spot on about that...
The problem is, I can't match the phase 2 to phase 1 because I have different interface for phase 2
and for some reason if I just enter one proposal, the Android connection can not be established...
- Copy Link
- Report Inappropriate Content
Well I think you didn't get what I mean, when setting up IPsec VPN, the IKE encryption process contains two phases, phase1 and phase2, different encryption informations are confirmed in the different phases, and there are different encryption methods used in different phases. What you need to do is match the phase1 and phase2 proposals on both ends, which means you need to make sure the phase1 proposal on both ends are the same, not to make phase1 and phase2 encryption proposal on the same end to be the same.
It says the phase1 encrypition methods are different on two ends so you need to check what phase1 encryption proposal is there on your Android phone and set the same one on your router. Also the same for phase2.
- Copy Link
- Report Inappropriate Content
I do iunderstand you, but I have multiple problems
for phase 1 and phase 2, er605 is giving me different options for encryption... Hell, it's not even the same interface...
This is the options for phase 1, the one that I chose was sha2, aes 256 and dh 14
this is for phase 2.
For some reason, it always started with esp. I don't even see any dh option anywhere here.
The only way I can make this work is if I put in these
phase 1: SHA2-aes 256-dh16
phase 2: esp-Sha2-AES256
forget about the options tplink or the one you pasted in... I can't pick anything in phase 2 that will not give me the errors.
Given the settings that I put in, I can't connect it using my phone... I really don't know how to make it work here...
- Copy Link
- Report Inappropriate Content
Well you still didn't get what I mean, the proposals for phase1 and phase2 are different. What I mean is, on your router and your phone both exist the encryption process and the encryption process is consisted of two phases, which are phase1 and phase2, you must ensure the phase1 settings on your router and the phase1 settings on your phone are the same, otherwise the tunnel cannot be established, that's why I told you to check for your phone's default phase1 settings and input a matched proposal on router.
- Copy Link
- Report Inappropriate Content
Information
Helpful: 0
Views: 802
Replies: 7
Voters 0
No one has voted for it yet.