Firewall USG110 with VPN connection via IKEv2 is not working both on Preshared-Key or Cerfiticate

ductiena12

I had read all the thread about IKEv2 on Zyxel forum but cannot successfully configure the firewall to do such thing. It's showed that there was a paring key but notthing more, client stuck at connecting forever. Does anyone know how to config IKEv2 on this firewall to work with an android phone ? I already configured IPSec IKEv1 and L2TP successful, but some device only has IKEv2 so I need IKEv2 as well.

Thanks for your attention.

ductiena12

FWI, it's on lasted fimware already, 4.72

Zyxel_Kevin

Hi @ductiena12, 
If you use the native ikev2 within Samsung devices , pleae  kindly check that you have to add the second DNS Server. 


Or please see the following link to find connectd ikev2 vpn by strongSwan.
https://community.zyxel.com/en/discussion/12522/remote-access-vpn-wizard-for-secuextender-ipsec-and-non-secuextender-ipsec-vpn-clients#latest

Thank you
Kevin

ductiena12

Thank you for your reply. I already put 1.1.1.1 on the first DNS, and 8.8.8.8 on the second DNS.

and the link you provided above, my firewall USG110 does not have option to export non secureextender VPN clients like in the picture. so no more further steps can be done.

ductiena12

here are my config on

vpn gateway:

Encryption : AES128/SHA256 -> DH14

Interface = wan2_ppp

Enabled extend authentication -> AAA Method: default, -> user group: VPN Users

Policy -> Host, 0.0.0.0

Enable configuration payload: Range 192.168.50.1 -> 192.68.50.50

first dns: 8.8.8.8

second dns2: 1.1.1.1

Encryption : AES128/SHA256 -> PFS: DH2

and still cannot connect via IKev2. any suggestions? thanks

Zyxel_Kevin

Hi @ductiena12, 
Please find the private message. I'd like to schedule remote .
Thanks
Kevin

Zyxel_Kevin

Hi @ductiena12, 
Thanks your time today. Please find the PM. I have sent the SOP about ikev2 with mobile (psk,cert) to you.
And I can connect to your site by my iPhone. 
I will wait your advance test.  Thank you
Kevin

vpn100

There is also problem to connect to my Samsung tab s7+ with iKev2.

gateway:

By using Pre Shared Key

Engcryption/Authentication: AES256/SHA256

Key group: DH2, DH14, DH21

Connection:

IP address pool: 192.168.99.1 - 99.30

Active protocal: ESP

Encapsulation: Tunnel

Encryption/Authentication: AES256/SHA256

PFS: DH16, DH20, DH21.

I　can connect to the VPN100 IKEV2 by other Android devices but not the Samsung Tab S7+.

Would you help to tell if there is need to be set for connecting to S7+ ?

mMontana

Which version of Android is running Samsung Tab S7+?

Have you any declaration by Samsung that the Android version installed supports IkE v2?

Zyxel_Jeff

Hi @vpn100

Welcome to the Zyxel community, may we know what is your Android version of Samsung Tab S7+ ?

Thanks.