ER605 v2 adds SHA2 encryption to the IPsec VPN function and supports IKEv2

@Fae or somebody from TP-Link
how to configure SHA2 encryption on ER605 v2 , and ER605 v1?
next firmware have come on ER605 v1 but I don't find SHA2 on it either.

- Copy Link
- Subscribe
- Bookmark
- Report Inappropriate Content

Dear @shberge,
shberge wrote
how to configure SHA2 encryption on ER605 v2 , and ER605 v1?
next firmware have come on ER605 v1 but I don't find SHA2 on it either.
Omada Controller v5.4 will add SHA2 encryption. At present, SHA2 encryption is supported on ER605 V2 in Standalone mode.

The ER605 V1 1.2.1 firmware doesn't add SHA2 encryption, it will be supported in the subsequent firmware update, please check the final firmware release note for confirmation.
- Copy Link
- Report Inappropriate Content
- Copy Link
- Report Inappropriate Content
i try sha2 here but it doesn't seem to work, vpn connects only with sha1, i can configure sha1 on one site and sha2 on another site it still works connect both sites with sha1,
 controller is 5.4.6 on ubuntu firmware on ER605v2 is 2.0.2 Build 20220727 Rel.51535, but I have tried several versions on the router, none of them work with sha2
- Copy Link
- Report Inappropriate Content

Dear @shberge,
shberge wrote
i try sha2 here but it doesn't seem to work, vpn connects only with sha1, i can configure sha1 on one site and sha2 on another site it still works connect both sites with sha1,
controller is 5.4.6 on ubuntu firmware on ER605v2 is 2.0.2 Build 20220727 Rel.51535, but I have tried several versions on the router, none of them work with sha2
Did you try SHA2 with two ER605 v2, Or one ER605 v1 + one ER605 v2?
Kind note that Omada Controller v5.4 has added the support of the SHA2 configuration, but it requires upgrading the ER605 to the adapted firmware to make SHA2 take effect. The current latest ER605 v1 firmware (1.2.1) doesn't support SHA2 yet.
- Copy Link
- Report Inappropriate Content
there are two ER605v2
but the stratrange thing is if I use SHA2 in one site and SHA1 in another site vpn still work.
My settings

- Copy Link
- Report Inappropriate Content

- Copy Link
- Report Inappropriate Content
- Copy Link
- Report Inappropriate Content

Dear @shberge,
Sorry that I forgot to update this case. The issue has been addressed, it's due to that the current ER605 V2 2.0.1 firmware is still adapted to Controller 4.3.5, so SHA2 configuration on the Controller v5.4 doesn't take effect. The subsequent firmware update of the ER605 v2 will be adapted to the Controller v5.4.
- Copy Link
- Report Inappropriate Content
I upgraded the ER7206 today but SHA2 still doesn't work in controller mode, can you check what happened? all VPN tunnels connect with SHA1 even if I choose SHA2
and in standalone ony Phase-1 work, Phase-2 have to use SHA1 settings to work
I do testing aginst a Cisco ASA firewall


connection info on Cisco.
Phase-1 Phase-2


- Copy Link
- Report Inappropriate Content
- Copy Link
- Report Inappropriate Content

Information
Helpful: 0
Views: 5842
Replies: 23
Voters 0
No one has voted for it yet.

