Windows 10+ IKEv2 VPN with certificate and Peer-ID-Type

StefanZ

Our FLEX200 VPN works like a charm with the native OSX client.

Now I am trying to connect a Win10 machine to the same gateway.

Gateway is IKEv2 with certificate, with Peer-ID-Type set to "E-mail" and Content is set to a made up E-mail address.

Extended Authentication Protocol is set to Server Mode and the desired user group .

I downloaded the certificate, imported it in the Windows Wizard for all users (Local Computer), all good.

Setting up the native VPN client gives me a problem tho: Where do i input the Peer-ID-Type & Content? I assume that the user/pass fields are refering to the Extended Authentication Protocol?

Zyxel_James

Hi @StefanZ , as far as I know, we cannot adjust the Peer-ID for Windows native VPN, please select Any as the peer ID type

Zyxel_James

Hi @StefanZ , as far as I know, we cannot adjust the Peer-ID for Windows native VPN, please select Any as the peer ID type

StefanZ

Thanks for clarifying!

I ended up using the ConfigWizard to generate the native Windows .bat & .crt files and that works.

I really hope you enable the Wizard for EXISTING connections soon!

Every time you use it, it will mess with your connections, creates new Objects, instead of offering existing ones, etc..

A wizard is great for something as complex as VPN – but it should not mess with the finely tuned results of days of work every time you require its' assistance.

MarkoD

A wizard is great for something as
complex as VPN – but it should not mess with the finely tuned results of
days of work every time you require its' assistance.

You can always create a VPN connection manually. That way it won't mess with your existing config.

StefanZ

https://community.zyxel.com/en/discussion/comment/52162#Comment_52162

Yes, but I also have to do it all manually. EVERY time. And then create/deploy .mobileconfig and .bat files.