ATP200 VPN on iPhone stays stuck on "connection starting"


All Replies

  • Zyxel_Melen
    Zyxel_Melen Posts: 2,179  Zyxel Employee

    Hi @Jarno_Smits,

    May I know how you created the VPN profile on your iPhone? Was it created by the firewall's script?

    I did some lab testing for this issue and found:

    1. I can connect the VPN by manually creating a VPN profile on iOS 17.6.1 and 18 with the proposal in the above FAQ.
    2. I can connect the VPN by the firewall's script on iOS 17.6.1.
    3. I can connect the VPN by the firewall's script on iOS 18.

    If you used the script to create the VPN profile, could you try manually creating a VPN profile as a test?

    Zyxel Melen



  • Jarno_Smits
    Jarno_Smits Posts: 23  Freshman Member

    Hi Melen,

    I used the provisioning script, and downloaded the profile and certificate to the iPhone by pressing the IKEv2 button on the login page of the ATP in Safari on the iPhone.

    I will try tomorrow to make a manual login to test.


    Kind regards,


    Jarno

  • Jarno_Smits
    Jarno_Smits Posts: 23  Freshman Member

    Good Morning Melen,

    It looks like it has something to do with the certificate / "Enable Extended Authentication Protocol".

    I deleted the profile / certificate from my iPhone and manually configured the VPN.

    I changed from certificate to Pre-shared key, but it still didn't work, with the same errors. Then I disabled "Enable Extended Authentication Protocol" and now it is connecting.

    The Local ID Type is still on DNS, because that is working.

    I think it must be something with the certificate and/or "Enable Extended Authentication Protocol",

    this in combination with iOS 18?

    This is because I have a second VPN with the same setup as the old one, using the same old certificate, and there "Enable Extended Authentication Protocol" is still enabled, but this VPN profile is only used for my laptop, and this one is still connecting without any problem.

    In my case it doesn't look like it had something to do with the Phase 1 settings. Of course I changed the DH settings to the new document, but for the test I changed them back to the old settings and the VPN could still connect, but only with the new pre-shared key configuration.

    See below the settings for how I have it running now.

    Now the next step is to get it working with the Profile and Certificate again :-)
