Windows 10+ IKEv2 VPN with certificate and Peer-ID-Type

StefanZ
StefanZ Posts: 202  Master Member

Our FLEX200 VPN works like a charm with the native OSX client.

Now I am trying to connect a Win10 machine to the same gateway.

Gateway is IKEv2 with certificate, with Peer-ID-Type set to "E-mail" and Content set to a made-up e-mail address.

Extended Authentication Protocol is set to Server Mode and the desired user group.

I downloaded the certificate, imported it in the Windows Wizard for all users (Local Computer), all good.

Setting up the native VPN client gives me a problem tho: Where do I input the Peer-ID-Type & Content? I assume that the user/pass fields are referring to the Extended Authentication Protocol?

Accepted Solution

  • Zyxel_James
    Zyxel_James Posts: 663  Zyxel Employee
    Answer ✓

    Hi @StefanZ, as far as I know, we cannot adjust the Peer-ID for Windows native VPN; please select Any as the peer ID type.

All Replies

  • StefanZ
    StefanZ Posts: 202  Master Member

    Thanks for clarifying!

    I ended up using the ConfigWizard to generate the native Windows .bat & .crt files and that works.

    I really hope you enable the Wizard for EXISTING connections soon!

    Every time you use it, it will mess with your connections, create new Objects instead of offering existing ones, etc.

    A wizard is great for something as complex as VPN – but it should not mess with the finely tuned results of days of work every time you require its assistance.

  • MarkoD
    MarkoD Posts: 56  Ally Member

    A wizard is great for something as
    complex as VPN – but it should not mess with the finely tuned results of
    days of work every time you require its assistance.

    You can always create a VPN connection manually. That way it won't mess with your existing config.

  • StefanZ
    StefanZ Posts: 202  Master Member

    Yes, but I also have to do it all manually. EVERY time. And then create/deploy .mobileconfig and .bat files.
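
Added example, not part of the thread and not the script the Zyxel wizard generates: one way to set up the Windows side by hand in PowerShell, importing the gateway certificate into the Local Computer store and creating an all-user IKEv2 connection that authenticates with EAP user name and password. The file name, server name, connection name and the IKE/ESP proposal are assumptions and must be changed to match the gateway.

```powershell
#Requires -RunAsAdministrator
# Added example: every default value below is a hypothetical placeholder.
param(
    [string]$CertPath   = '.\gateway.crt',    # certificate exported from the gateway
    [string]$ServerName = 'vpn.example.com',  # should match the name in that certificate
    [string]$ConnName   = 'FLEX200 IKEv2'     # name shown in the Windows VPN list
)
$ErrorActionPreference = 'Stop'

# 1. Trust the gateway certificate machine-wide (Local Computer store),
#    the same step the original post performs with the import wizard.
$cert = Import-Certificate -FilePath $CertPath -CertStoreLocation 'Cert:\LocalMachine\Root'
Write-Host "Imported $($cert.Subject) thumbprint $($cert.Thumbprint) expires $($cert.NotAfter)"

# 2. Remove an earlier copy so a re-run does not leave stale settings behind.
if (Get-VpnConnection -Name $ConnName -AllUserConnection -ErrorAction SilentlyContinue) {
    Remove-VpnConnection -Name $ConnName -AllUserConnection -Force
}

# 3. IKEv2 tunnel, gateway proven by its certificate, user proven by EAP
#    (the user/pass fields asked about in the question). There is no
#    parameter for a local Peer-ID here, which is why the accepted answer
#    sets the gateway's peer ID type to Any.
Add-VpnConnection -Name $ConnName -ServerAddress $ServerName `
    -TunnelType Ikev2 -AuthenticationMethod Eap `
    -EncryptionLevel Required -AllUserConnection

# 4. Pin the IKE and ESP proposal instead of relying on client defaults.
#    ASSUMPTION: the gateway's Phase 1/2 settings offer AES256, SHA256 and
#    DH group 14; a mismatch makes the negotiation fail.
Set-VpnConnectionIPsecConfiguration -ConnectionName $ConnName -AllUserConnection `
    -EncryptionMethod AES256 -IntegrityCheckMethod SHA256 -DHGroup Group14 `
    -CipherTransformConstants AES256 -AuthenticationTransformConstants SHA256128 `
    -PfsGroup None -Force

# 5. Show the result for review before handing the profile to users.
Get-VpnConnection -Name $ConnName -AllUserConnection |
    Format-List Name, ServerAddress, TunnelType, AuthenticationMethod, EncryptionLevel
```

Because the gateway accepts any peer ID in this setup, the EAP user group configured on the gateway is what restricts who can connect, so keep that group narrow.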
