Android 12 and ikev2

Agor76
Agor76 Posts: 16
First Comment Friend Collector Fourth Anniversary
 Freshman Member
Hi everybody,

I'm looking to find a way to get Android 12 clients connected using IKEv2 mode instead of L2TP.

I've tried this, which seems to be quite easy, but It didn't work:

https://support.zyxel.eu/hc/en-us/articles/4411498192914

Any suggestions ? 

Regards

Agor





 










«13

All Replies

  • midi
    midi Posts: 1
    First Anniversary
    Same here. I cannot get my galaxy s22 to connect to an ATP100 after loosing l2tp with android 12. I have no idea if it is the new ikev2 configuration I setup in the zyxel or the vpn settings in the phone. 

    Has anyone gotten a galaxy s22  to work with a zyxel vpn tunnel?
  • PeterUK
    PeterUK Posts: 1,492
    50 Answers 1000 Comments Friend Collector Fifth Anniversary
     Guru Member

    Been trying here with my phone updated to Android 12 and can't get ikev2 to work as server role on USG60W

    I get in logs

    Receiving IKEv2 request [count=5]

    [INIT] Recv: [SA][KE][NONCE][NOTIFY][NOTIFY][NOTIFY][NOTIFY] [count=5]

    Recv IKE sa: SA([0] protocol = IKE (1), AES CTR key len = 256, AES CBC key len = 256, AES CTR key len = 192, AES CBC key len = 192, AES CTR key len = 128, AES CBC key len = 128, HMAC-SHA512-256, HMAC-SHA384-192, HMAC-SHA256-128, AES-XCBC-96, unknown integ [count=5]

    The cookie pair is : 0x7180eb2e28ac6628 / 0x4364f247052b96a5 [count=3]

    [SA] : Tunnel [VPN_server] Phase 1 proposal mismatch [count=5]

    [SA] : No proposal chosen [count=5]


  • Agor76
    Agor76 Posts: 16
    First Comment Friend Collector Fourth Anniversary
     Freshman Member
    edited March 18
    Hi midi,

    I still haven't found a way to get my S22 connected on an ikev2 VPN using the Android's default client. I don't know if there's an issue related to Samsung devices, some other guys over here got theyr Google's Pixels phones properly connected.
    But there's a solution that worked great for me. Just download Strongswan VPN client from Google Play (for free) and setup an IKEv2 EAP (using certificates and MSCHAP Auth). It's easy to deploy and works so good that I may not need to try again using the default client in the future.

    For PeterUK
    You have gone far away from where I'm stuck, according to your logs. I can't even get the phase 1 proposal mismatch using Samsung's devices. What kind of phone are you using ?

    Agor

  • PeterUK
    PeterUK Posts: 1,492
    50 Answers 1000 Comments Friend Collector Fifth Anniversary
     Guru Member
    edited March 18
    Sony Xperia 5 II

    For PeterUK
    You have gone far away from where I'm stuck, according to your logs. I can't even get the phase 1 proposal mismatch using Samsung's devices. What kind of phone are you using ?

  • Zyxel_Cooldia
    Zyxel_Cooldia Posts: 1,049
    Zyxel Certified Network Administrator - Security Zyxel Certified Sales Associate 50 Answers 1000 Comments
     Guru Member
    Hi @midi,
    Not sure if the issue is only on S22, can you post VPN connection fail log for further checking?
    BTW, you may follow Agor76 to download Strongswan VPN client from Google Play to connect VPN



  • n4cr2k
    n4cr2k Posts: 8
    S22 here as well with no luck using the built in client.  I haven't tried Strongswan or another client yet.
  • PeterUK
    PeterUK Posts: 1,492
    50 Answers 1000 Comments Friend Collector Fifth Anniversary
     Guru Member
    n4cr2k said:
    S22 here as well with no luck using the built in client.  I haven't tried Strongswan or another client yet.
    You may need to play around with the Key group and encryption settings
    VPN Server role IKEv2 broken as far as I can tell — Zyxel Community
  • Agor76
    Agor76 Posts: 16
    First Comment Friend Collector Fourth Anniversary
     Freshman Member
    n4cr2k said:
    S22 here as well with no luck using the built in client.  I haven't tried Strongswan or another client yet.
    Apparently, using Strongswan it's the only way for Samsung S22 devices
  • DavideV
    DavideV Posts: 3
    Hello everybody,
    guys i have the same s22 ultra with the same problem.

    I was about to buy the USG20-VPN mod but after reading this thread I stopped. 
    So I ask you for an update on the situation. Is it possible to set ikev2 psk directly in android vpn section? 
    I ask it because I would have bixby routinely manage the activation and deactivation of the vpn depending on whether or not it is under the same Wifi. And above all, avoid using third-party applications because they consume a train of battery. Thank you

Security Highlight