How to configure VPN via IKEv2/IPSec for Android 11+ and Windows 11 client devices?
Hello!
I followed the instructions here: https://www.tp-link.com/us/support/faq/3447/ (see dark bottom right screenshot in the attachment).
But I could not achieve to configure a VPN server in my Omada controller web interface, using IKEv2/IPSec for connecting Android 11+ and Windows 11 client devices to my network.
Btw.: I have successfully configured a VPN policy with L2TP/IPSec PSK, which works fine with my Windows 11 device and an Android 11 device.
How can I configure an IKEv2/IPSEC VPN policy in the Omada controller web interface, that I can use with these operating systems that offer following VPN types:
- Android 11: IKEv2/IPSsec MSCHAPv2 | IKEv2/IPSsec PSK | IKEv2/IPSsec RSA (see dark upper screenshots in the attachment)
- Android 13: IKEv2/IPSsec MSCHAPv2 | IKEv2/IPSsec PSK | IKEv2/IPSsec RSA (see bright middle screenshots in the attachment)
- Windows 11: IKEv2 username and password | IKEv2 smart card | IKEv2 one-time password | IKEv2 certificate (see dark bottom left screenshot in the attachment)
Thank you very much for any useful hint!
Kind regards,
Gerald
- Copy Link
- Subscribe
- Bookmark
- Report Inappropriate Content
Hi @gerba
Thanks for posting in our business forum.
gerba wrote
Hi!
What do you mean with 'WG'? Wireguard?
I have to avoid any third party VPN solution.
What I need to know is, how I can establish VPN connection with built-in VPN functionalities of Android 11+ and Windows 11+.
This is what TP-Link product support promised me to work, before I replaced my previous VPN router (ER6120) and my whole other network periphery.
Little update:
I reset the ER7212PC now.
Before that neither the L2TP nor the IKev2 connection worked anymore.
Now I configured only the L2TP VPN server and my Android 11 device quickly connects via VPN again.
So obviously no problem with my setting (ER7212PC "behind" internet router having DMZ configured).
I have this suspicion:
It seems not to be possible to configure more than one VPN policy.
If you do so, none is working - even if you have enabled just one of them.
Can that be true?
If yes, what sense does it make to be able to configure several VPN policies?
Kind regards,
Gerald
Good. If you rule that out, fall back to the question we had.
I can clearly tell you that without the remote ID and putting it behind the NAT, with a setup of Android as the client, there will be a problem. It's written in the internal docs and so far is considered as a flaw in the Android.
About your suspicion, have you verified it?
L2TP is not the same as IPsec. You are avoiding the fact I gave to you about IPsec, NAT and remote ID thing. Don't swap the main topic to that L2TP. I know L2TP would work easily because it can work behind a NAT.
If you wanna say it is not your network environment or Android, I can do a test next week with verifications and results. I'll get an ER7212PC and test IPsec, with and without remote ID and what may happen. In addition, you say it does not support multiple VPN servers, I can also do a multi-VPN server setup.
This will be done in a local network which I don't have any issue with the actual WAN. In your case, things may be different.
In the following replies, I'll be verifying several opinions from you.
1. Does NOT support multiple VPN servers.
2. IPsec VPN is having issues instead of your network environment. Remote ID and NAT don't matter.
- Copy Link
- Report Inappropriate Content
Wounder if both of you understand each other.
I have no issue with my setup,
Router (vpn server ikev2/ipsec) -> nat device.
So I don't think is vpn server is "behind nat" it's infront. Unless
It's router-> pc (install with vpn server)
The vpn server in this case is reach via public ip.
Unless his isp is using CGNat. Then the issues
- Copy Link
- Report Inappropriate Content
Information
Helpful: 0
Views: 3750
Replies: 22
Voters 0
No one has voted for it yet.