IKEv2

alehzn
alehzn Posts: 37  Freshman Member
First Anniversary Friend Collector First Comment
edited April 2021 in Security
Hello,

To set up a VPN which supports IKEv2 I have used the following instructions:
http://onesecurity.zyxel.com/img/uploads/Next-Gen_IKEv2_VPN_Server_Role_CR.pdf
http://www.zyxel-tech.de/files/New-Gen_USG_IKEv2_iPhone.pdf
https://www.google.de/url?sa=t&rct=j&q=&esrc=s&source=web&cd=4&ved=2ahUKEwiL2J24hprfAhXloYsKHT5hAH8QFjADegQIABAC&url=https%3A%2F%2Fus.v-cdn.net%2F6029482%2Fuploads%2Feditor%2Fzx%2F8vcjgzsm4487.pdf&usg=AOvVaw2BsE372QdIYpioYkLUW-XV

The setup works on my Windows 10 device (manual configuration) and on my iPhone (iOS 12.1.1) using the handy provisioning feature.

Now the question is how to provision the profile on my iPad? Safari is not displaying the webpage of the ZyXEL in a mobile version (/access.cgi?mobile=1), therefore the profile is not visible to install. Manually configuring the VPN tunnel does not work (no proposal chosen). 

What I am doing wrong? Many thanks for any hints in advance.

Regards

Best Answers

All Replies

  • alehzn
    alehzn Posts: 37  Freshman Member
    First Anniversary Friend Collector First Comment
    Hello @Zyxel_Emily
    Thank you for your reply.

    Do you have also an answer on how to manually configure the IKEv2 tunnel on iPhone/iPad? Apperently it is not possible to set it up manually. All provided information seems to be not sufficient.

    Thanks in advance.
  • alehzn
    alehzn Posts: 37  Freshman Member
    First Anniversary Friend Collector First Comment
    @Zyxel_Emily
     Converting the certificate did the trick. Thanks a lot!
  • CoreSG
    CoreSG Posts: 40  Freshman Member
    First Anniversary Friend Collector First Comment
    edited August 2020
    Hi, I would love to get this working ! However, I'm in the US and can't download the referenced PDF,
    http://www.zyxel-tech.de/files/New-Gen_USG_IKEv2_iPhone.pdf

    Could anyone please share all of the specified settings for phase 1 & phase 2 ?
    Thank-you in advance, be it @Zyxel_Emily or anyone else.
  • Zyxel_Emily
    Zyxel_Emily Posts: 1,278  Zyxel Employee
    First Anniversary 10 Comments Friend Collector First Answer
    Currently iOS supports the following proposals:

    In phase 1:
    AES256+SHA256, Key Group=DH14

    In phase 2:
    AES256+SHA256, PFS=none

    How iOS device get the IKEv2 VPN configuration from device
  • CoreSG
    CoreSG Posts: 40  Freshman Member
    First Anniversary Friend Collector First Comment
    edited August 2020
    Thanks very much !

Security Highlight