IKEv2

Options
alehzn
alehzn Posts: 37 image  Freshman Member
First Comment Friend Collector Fifth Anniversary
edited April 2021 in Security
Hello,

To set up a VPN which supports IKEv2 I have used the following instructions:
http://onesecurity.zyxel.com/img/uploads/Next-Gen_IKEv2_VPN_Server_Role_CR.pdf
http://www.zyxel-tech.de/files/New-Gen_USG_IKEv2_iPhone.pdf
https://www.google.de/url?sa=t&rct=j&q=&esrc=s&source=web&cd=4&ved=2ahUKEwiL2J24hprfAhXloYsKHT5hAH8QFjADegQIABAC&url=https%3A%2F%2Fus.v-cdn.net%2F6029482%2Fuploads%2Feditor%2Fzx%2F8vcjgzsm4487.pdf&usg=AOvVaw2BsE372QdIYpioYkLUW-XV

The setup works on my Windows 10 device (manual configuration) and on my iPhone (iOS 12.1.1) using the handy provisioning feature.

Now the question is how to provision the profile on my iPad? Safari is not displaying the webpage of the ZyXEL in a mobile version (/access.cgi?mobile=1), therefore the profile is not visible to install. Manually configuring the VPN tunnel does not work (no proposal chosen). 

What I am doing wrong? Many thanks for any hints in advance.

Regards

Best Answers

All Replies

  • alehzn
    alehzn Posts: 37 image  Freshman Member
    First Comment Friend Collector Fifth Anniversary
    Hello @Zyxel_Emily
    Thank you for your reply.

    Do you have also an answer on how to manually configure the IKEv2 tunnel on iPhone/iPad? Apperently it is not possible to set it up manually. All provided information seems to be not sufficient.

    Thanks in advance.
  • alehzn
    alehzn Posts: 37 image  Freshman Member
    First Comment Friend Collector Fifth Anniversary
    @Zyxel_Emily
     Converting the certificate did the trick. Thanks a lot!
  • CoreSG
    CoreSG Posts: 40 image  Freshman Member
    First Comment Friend Collector Fifth Anniversary
    edited August 2020
    Hi, I would love to get this working ! However, I'm in the US and can't download the referenced PDF,
    http://www.zyxel-tech.de/files/New-Gen_USG_IKEv2_iPhone.pdf

    Could anyone please share all of the specified settings for phase 1 & phase 2 ?
    Thank-you in advance, be it @Zyxel_Emily or anyone else.
  • Zyxel_Emily
    Zyxel_Emily Posts: 1,452 image  Guru Member
    Zyxel Certified Network Administrator - Security Zyxel Certified Sales Associate 100 Answers 1000 Comments
    Currently iOS supports the following proposals:

    In phase 1:
    AES256+SHA256, Key Group=DH14

    In phase 2:
    AES256+SHA256, PFS=none

    How iOS device get the IKEv2 VPN configuration from device
  • CoreSG
    CoreSG Posts: 40 image  Freshman Member
    First Comment Friend Collector Fifth Anniversary
    edited August 2020
    Thanks very much !