Android 12 and ikev2

1356

All Replies

  • Zyxel_Cooldia
    Zyxel_Cooldia Posts: 1,426  Zyxel Employee
    First Anniversary 10 Comments Friend Collector First Answer
    Hi @DavideV,

    This issue is fixed in V5.31 firmware. Please update to V5.31 and try it again.

    V5.31 release note:
     9. [ENHANCEMENT] eITS#180900304, 180801037
         a.Support VPN multiple Diffie Hellman groups.
  • mMontana
    mMontana Posts: 1,298  Guru Member
    First Anniversary 10 Comments Friend Collector First Answer
  • Zyxel_Cooldia
    Zyxel_Cooldia Posts: 1,426  Zyxel Employee
    First Anniversary 10 Comments Friend Collector First Answer
    Hi @mMontana,
    The issue is fixed in WK35.  Lab test on Google Pixel 5 Android 13, and Xiaomi poco F3 Android 12.
    Both mobile phone can build up IKEv2 + PSK tunnel successfully. We may need to check if the issue is something related to specific brand mobile phone.
  • mMontana
    mMontana Posts: 1,298  Guru Member
    First Anniversary 10 Comments Friend Collector First Answer
    Thanks for your kind reply. :)
  • Zyxel_Cooldia
    Zyxel_Cooldia Posts: 1,426  Zyxel Employee
    First Anniversary 10 Comments Friend Collector First Answer
    Just found out that, if we test on Samsung mobile phone IKEv2 + PSK Remote access VPN, we cannot just provide 1 DNS server in phase 2 mode config. Mobile will send "DEL" message to gateway immediately when the tunnel is up assume we just set up 1 DNS server for mode config.
    That's weird. other brand mobile can accept one DNS server in mode config. 
    Not sure if it is limitation on specific version.

    Condition : 
    Samsung Android 12 + IKEv2 + PSK
    Mode config: Need to set up 2 DNS server for Samsung mobile in phase 2 mode config


  • mMontana
    mMontana Posts: 1,298  Guru Member
    First Anniversary 10 Comments Friend Collector First Answer
    Hint for @Zyxel_Cooldia: update the manuals and the howtos published.
  • Peppino
    Peppino Posts: 127  Ally Member
    First Anniversary 10 Comments Friend Collector
    edited December 2022
    Dear Zyxel team,

    Now that Android 13 has rolled out onto Samsung phones, and L2TP has practically stopped working on them, I was wondering if you guys have a plan to overcome this situation, as Samsung apparently still uses a weird hashing algorithm, that we cannot set in the Zyxel firewalls if trying to move towards IKEv2.
    Whatever I tried wouldn't let me past Phase 1. 
    This guide here unfortunately doesn't work for these phones, you may consider putting there a note, that Samsung phones are an exception.

    Any chance we can get back our VPNs soon? :-)

  • Zyxel_Cooldia
    Zyxel_Cooldia Posts: 1,426  Zyxel Employee
    First Anniversary 10 Comments Friend Collector First Answer
    edited December 2022
    Hi @Peppino,

    We would suggest to install Strongswan client on Samsung phone for IKEv2 connection.
  • Peppino
    Peppino Posts: 127  Ally Member
    First Anniversary 10 Comments Friend Collector
    Hi @Peppino,

    We would suggest to install Strongswan client on Samsung phone for IKEv2 connection.
    Can you eventually suggest a configuration guide for this?
  • Peppino
    Peppino Posts: 127  Ally Member
    First Anniversary 10 Comments Friend Collector
    I actually succeeded setting it up, but it might not be trivial for others

Security Highlight