Android 12 and ikev2
All Replies
-
I am also using it like that on a USGFLEX100
0 -
Yes but what I can't get working is the built in VPN client on phone and have to use strongswan...but on my phone built in VPN client I can't leave the IPsec identifier blank if I set to the DNS logs show its up then disconnects with strongswan it works fine.
0 -
Its a Samsung limitaton on hashing algorithms as I recall. Anyway Strongswan seamlessly integrates into Android.
1 -
Thank you @Peppino , thank you @PeterUK for your feedbacks. Would you be so kind to check the configuration and log that i posted a few days ago and compare it with yours? I really cannot understand what i am missing. Apart from the ATP i've made some tests on an USG40 behind a Fritzbox router: the router is configured so that the firewall is the "exposed host".
I understand that having the firewall directly connected to the internet is by far better but sometimes this is not possible because the ISP supplies VoIP services only on their devices and do not give configurations.
As for using the built in client i also am aware that there is a limitation with Samsung about the DH algorithms, somewhere i read that Zyxel added new DH with latest firmwares but Strongswan seems to be the easier way on Samsung
0 -
You might have overlooked what PeterUK wrote:
"If the certificate says a IP then the fw needs to have that IP and be WAN"
So since the router has the external IP, your ATP claims to have an internal IP which in turn will not match the one set in the certificate.
0 -
Maybe I just didn't want to read such a thing ;-)
Can we close it saying that there is no possibility to create a client-server VPN (with certificate) with a firewall behind a router?
0 -
Correct
0 -
I think it might be possible if the certificate uses DNS then a IP?
1 -
Do you mean ddns?
Who should issue the certificate?
Have any of you even done it? (How? ;-) )
Thank you again
0 -
Theoretically it could work. The certificate is created by you inside the ATP, under objects-certificates. This needs to be exported as file and imported into the Android phone. How did you make it work last time? Not like this?
0
Ally Member
Guru Member
Freshman Member
Categories
- All Categories
- 384 Beta Program
- 2.1K Nebula
- 117 Nebula Ideas
- 80 Nebula Status and Incidents
- 5.1K Security
- 79 USG FLEX H Series
- 247 Security Ideas
- 1.3K Switch
- 69 Switch Ideas
- 909 WirelessLAN
- 34 WLAN Ideas
- 5.9K Consumer Product
- 209 Service & License
- 335 News and Release
- 71 Security Advisories
- 21 Education Center
- 5 [Campaign] Zyxel Network Detective
- 1.9K FAQ
- 898 Nebula FAQ
- 415 Security FAQ
- 234 Switch FAQ
- 205 WirelessLAN FAQ
- 46 Consumer Product FAQ
- 137 Service & License FAQ
- 34 Documents
- 34 Nebula Monthly Express
- 73 About Community
- 62 Security Highlight
