Why can't I establish a VPN connection after updating to iOS 18? How can I resolve this issue?

Zyxel_Jeff

Question :

Why can't I establish an IKEv2 VPN connection after updating to iOS 18? How can I resolve this issue?

Answer :

Since there are changes to the VPN Phase 1 and Phase 2 parameters for iOS's native VPN client, please modify them accordingly to allow the remote VPN to work.

USG Flex/ATP firewall model settings:

Please navigate to Configuration > VPN > IPsec > VPN Gateway > To add the VPN phase 1 setting. Please configure Phase 1 Encryption and Authentication settings to AES256/SHA256 DH2/DH14/DH19.

Please navigate to Configuration > VPN > IPsec > VPN Connection > To add the VPN phase 2 setting. Please configure Phase 2 Encryption and Authentication settings to AES256/SHA256 Perfect Forward Secrecy(PFS) : None.

USG Flex H firewall model settings:

Please navigate to VPN > IPsec VPN > To set the IKEv2-related information, as shown below:

Please configure Phase 1 Encryption and Authentication settings to AES256/SHA256 DH2/DH14/DH21 and Phase 2 Encryption and Authentication settings to AES256/SHA256 Perfect Forward Secrecy(PFS) : None.

How to verify the result?

Install the VPN configuration script (.mobileconfig file) that was downloaded from the firewall.

Establish the IKEv2 VPN connection from the iPhone to the Zyxel firewall.

USG Flex/ATP firewall:

Please navigate to the path: Monitor > VPN Monitor> IPSec, you will find that the IKEv2 VPN connection has been established.

USG Flex H firewall:

Please navigate to the path: VPN Status > IPsec VPN > Remote Access VPN, you will find that the IKEv2 VPN connection has been established.