How to setup an IKEv2 VPN connection on Nebula which is compatible with Android 12 ?

Sébastien

Hi everyone,

I've been using a client-to-site L2TP/IPSec VPN on my Nebula Zyxel USG Flex 100, it was working fine until I upgraded my smartphone from Android 11 to Android 12.

The smartphone now asks to upgrade to IKEv2 while my old L2TP/IPSec is not working anymore.

In the Nebula configuration, I've switched off "L2TP over IPSec VPN server" (because there is no possibility to change IKE version) and switched on "IPSec VPN server" with the following parameters :

• Client VPN subnet : set to a correct value
• IKE version : IKEv2
• DNS server (custom in my network environnement)
• Policy : Default
• Authentication : Nebula Cloud Authentication (users have VPN access authorization, no 2FA)

NAT and security rules are active.

When trying to set up the connection on my smartphone, I don't know what parameters to choose.

Concerning the VPN type, I have the following options :

• IKEv2/IPSec MSCHAPv2
• IKEv2/IPSec PSK
• IKEv2/IPSec RSA

Which one should I use ? On Nebula, when choosing IKEv2 there is no possibility to enter a PSK or a certificate... 

Thanks for your help !

Seb

Zyxel_Cooldia

Hi @sebastian,

Unfortunally, there is no VPN type match for Android 12 IKEv2 currently.

This is confirmed in our roadmap to support this.
We will release Android App for this issue.

Sébastien

Ok, thank you for your answer.

I will switch to on-premise mode until the issue is fixed.

Regards,

Sébastien

mMontana

Zyxel_Cooldia said:

We will release Android App for this issue.

May I advise Zyxel against this? Apps might be sellable like licenses and and subscriptions, but when the app will have issues with some Android flavours (RealOS, MiUI) or hit fragmentation, well... might be a tough path.

IKEv2 + PSK is already supported for IPSec connections...