Android 13/IPAD IOS 15.7 and USG40 with IKEv2
Hi,
I have used earlier L2TP/IPSEC tunneling but now newer andoids doesn't support that one.
I did IKEv2 configuration according these.
https://support.zyxel.eu/hc/en-us/articles/8805317185298-VPN-Configure-IKEv2-with-Pre-Shared-key-on-Mobile-Devices-Instead-of-L2TP-
When I try make a connection I will get always error message in both devices android (SAMSUNG S20) and IPAD.
Any Ideas? KR,J
"
I have used earlier L2TP/IPSEC tunneling but now newer andoids doesn't support that one.
I did IKEv2 configuration according these.
https://support.zyxel.eu/hc/en-us/articles/8805317185298-VPN-Configure-IKEv2-with-Pre-Shared-key-on-Mobile-Devices-Instead-of-L2TP-
When I try make a connection I will get always error message in both devices android (SAMSUNG S20) and IPAD.
Any Ideas? KR,J
"
[SA] : No proposal chosen
84.250.110.101:500
221.210.110.200:39676
IKE_LOG
5
2022-12-23 05:15:26
info
IKE
[SA] : Tunnel [IKEv2_Connection] Phase 1 proposal mismatch
84.250.110.101:500
221.210.110.200:39676
IKE_LOG
6
2022-12-23 05:15:26
info
IKE
The cookie pair is : 0xe2c0fb51341291dc / 0xfc79f4663830a392 [count=3]
84.250.110.101:500
221.210.110.200:39676
IKE_LOG
7
2022-12-23 05:15:26
info
IKE
Recv IKE sa: SA([0] protocol = IKE (1), AES CBC key len = 256, AES CBC key len = 128, HMAC-SHA512-256, HMAC-SHA384-192, HMAC-SHA256-128, HMAC-SHA1-96, HMAC-SHA512 PRF, HMAC-SHA384 PRF, HMAC-SHA256 PRF, HMAC-SHA1 PRF, RFC5114 2048-256 bit MODP, 384 bit ECP
221.210.110.200:39676
84.250.110.101:500
IKE_LOG
8
2022-12-23 05:15:26
info
IKE
[INIT] Recv: [SA][KE][NONCE][NOTIFY][NOTIFY][NOTIFY][NOTIFY]
221.210.110.200:39676
84.250.110.101:500
IKE_LOG
9
2022-12-23 05:15:26
info
IKE
Receiving IKEv2 request
221.210.110.200:39676
84.250.110.101:500
IKE_LOG
10
2022-12-23 05:15:26
info
IKE
The cookie "
0
Best Answers
-
Hi @Jokke,[SA] : Tunnel [IKEv2_Connection] Phase 1 proposal mismatchHere is Phase 1 and Phase 2 proposal that match the iOS setting for your reference.iOS: 15.6.1 on iPhone 8 PlusPhase 1
Phase 2
Test Result
IKEv2 is connected on iPhone.0 -
Zyxel_Emily said:Hi @Jokke,[SA] : Tunnel [IKEv2_Connection] Phase 1 proposal mismatchHere is Phase 1 and Phase 2 proposal that match the iOS setting for your reference.iOS: 15.6.1 on iPhone 8 PlusPhase 1
Phase 2
Test Result
IKEv2 is connected on iPhone.0
All Replies
-
Hi @Jokke,[SA] : Tunnel [IKEv2_Connection] Phase 1 proposal mismatchHere is Phase 1 and Phase 2 proposal that match the iOS setting for your reference.iOS: 15.6.1 on iPhone 8 PlusPhase 1
Phase 2
Test Result
IKEv2 is connected on iPhone.0 -
In a thread of some day ago we discussed about parameters setting:Now a question arise: is there a way to disable, on Android and Apple devices, vpn password save? I'd like to have users input it every time.0
-
The VPN secret and password setting are saved on Apple device. Maybe you should check with Apple if these settings are able to be not saved.0
-
Zyxel_Emily said:Hi @Jokke,[SA] : Tunnel [IKEv2_Connection] Phase 1 proposal mismatchHere is Phase 1 and Phase 2 proposal that match the iOS setting for your reference.iOS: 15.6.1 on iPhone 8 PlusPhase 1
Phase 2
Test Result
IKEv2 is connected on iPhone.0 -
Hi @Jokke,For Android 13, set proposal "AES128-SHA256-DH2" in phase 1 and "AES128-SHA256" in phase 2.0
-
Unfortenately this does not work :( also Even this would work I shoud creat own VPN tunnel for IOS and android because Zyxel support only one IKE Diffie-Hellman (DH) group per tunnel
0 -
I am wondering is that something what is Samsung spefic, my phone is Samsung s20 with android 13
0 -
Hi @Jokke,
It seems Samsung needs two DNS server in phase 2 settings. Hence, try to configure both First DNS server and Second DNS server in VPN Connetion > Configuration Payload on USG40.0
Categories
- All Categories
- 415 Beta Program
- 2.3K Nebula
- 141 Nebula Ideas
- 94 Nebula Status and Incidents
- 5.5K Security
- 216 USG FLEX H Series
- 262 Security Ideas
- 1.4K Switch
- 71 Switch Ideas
- 1K Wireless
- 39 Wireless Ideas
- 6.3K Consumer Product
- 243 Service & License
- 382 News and Release
- 81 Security Advisories
- 27 Education Center
- 8 [Campaign] Zyxel Network Detective
- 3K FAQ
- 34 Documents
- 34 Nebula Monthly Express
- 83 About Community
- 71 Security Highlight