Android 12 and ikev2

Agor76
Agor76 Posts: 42  Freshman Member
First Comment Friend Collector Sixth Anniversary
Hi everybody,

I'm looking to find a way to get Android 12 clients connected using IKEv2 mode instead of L2TP.

I've tried this, which seems to be quite easy, but It didn't work:

https://support.zyxel.eu/hc/en-us/articles/4411498192914

Any suggestions ? 

Regards

Agor





 










«13456

All Replies

  • midi
    midi Posts: 1  Freshman Member
    Fourth Anniversary
    Same here. I cannot get my galaxy s22 to connect to an ATP100 after loosing l2tp with android 12. I have no idea if it is the new ikev2 configuration I setup in the zyxel or the vpn settings in the phone. 

    Has anyone gotten a galaxy s22  to work with a zyxel vpn tunnel?
  • PeterUK
    PeterUK Posts: 3,459  Guru Member
    100 Answers 2500 Comments Friend Collector Seventh Anniversary

    Been trying here with my phone updated to Android 12 and can't get ikev2 to work as server role on USG60W

    I get in logs

    Receiving IKEv2 request [count=5]

    [INIT] Recv: [SA][KE][NONCE][NOTIFY][NOTIFY][NOTIFY][NOTIFY] [count=5]

    Recv IKE sa: SA([0] protocol = IKE (1), AES CTR key len = 256, AES CBC key len = 256, AES CTR key len = 192, AES CBC key len = 192, AES CTR key len = 128, AES CBC key len = 128, HMAC-SHA512-256, HMAC-SHA384-192, HMAC-SHA256-128, AES-XCBC-96, unknown integ [count=5]

    The cookie pair is : 0x7180eb2e28ac6628 / 0x4364f247052b96a5 [count=3]

    [SA] : Tunnel [VPN_server] Phase 1 proposal mismatch [count=5]

    [SA] : No proposal chosen [count=5]


  • Agor76
    Agor76 Posts: 42  Freshman Member
    First Comment Friend Collector Sixth Anniversary
    edited March 2022
    Hi midi,

    I still haven't found a way to get my S22 connected on an ikev2 VPN using the Android's default client. I don't know if there's an issue related to Samsung devices, some other guys over here got theyr Google's Pixels phones properly connected.
    But there's a solution that worked great for me. Just download Strongswan VPN client from Google Play (for free) and setup an IKEv2 EAP (using certificates and MSCHAP Auth). It's easy to deploy and works so good that I may not need to try again using the default client in the future.

    For PeterUK
    You have gone far away from where I'm stuck, according to your logs. I can't even get the phase 1 proposal mismatch using Samsung's devices. What kind of phone are you using ?

    Agor

  • PeterUK
    PeterUK Posts: 3,459  Guru Member
    100 Answers 2500 Comments Friend Collector Seventh Anniversary
    edited March 2022
    Sony Xperia 5 II

    For PeterUK
    You have gone far away from where I'm stuck, according to your logs. I can't even get the phase 1 proposal mismatch using Samsung's devices. What kind of phone are you using ?

  • Zyxel_Cooldia
    Zyxel_Cooldia Posts: 1,511  Zyxel Employee
    Zyxel Certified Network Administrator - Security Zyxel Certified Sales Associate 100 Answers 1000 Comments
    Hi @midi,
    Not sure if the issue is only on S22, can you post VPN connection fail log for further checking?
    BTW, you may follow Agor76 to download Strongswan VPN client from Google Play to connect VPN



  • n4cr2k
    n4cr2k Posts: 10  Freshman Member
    First Comment Second Anniversary
    S22 here as well with no luck using the built in client.  I haven't tried Strongswan or another client yet.
  • PeterUK
    PeterUK Posts: 3,459  Guru Member
    100 Answers 2500 Comments Friend Collector Seventh Anniversary
    n4cr2k said:
    S22 here as well with no luck using the built in client.  I haven't tried Strongswan or another client yet.
    You may need to play around with the Key group and encryption settings
    VPN Server role IKEv2 broken as far as I can tell — Zyxel Community
  • Agor76
    Agor76 Posts: 42  Freshman Member
    First Comment Friend Collector Sixth Anniversary
    n4cr2k said:
    S22 here as well with no luck using the built in client.  I haven't tried Strongswan or another client yet.
    Apparently, using Strongswan it's the only way for Samsung S22 devices
  • DavideV
    DavideV Posts: 3
    Hello everybody,
    guys i have the same s22 ultra with the same problem.

    I was about to buy the USG20-VPN mod but after reading this thread I stopped. 
    So I ask you for an update on the situation. Is it possible to set ikev2 psk directly in android vpn section? 
    I ask it because I would have bixby routinely manage the activation and deactivation of the vpn depending on whether or not it is under the same Wifi. And above all, avoid using third-party applications because they consume a train of battery. Thank you

Security Highlight