Android 12 and ikev2
All Replies
-
I am also using it like that on a USGFLEX100
0 -
Yes but what I can't get working is the built in VPN client on phone and have to use strongswan...but on my phone built in VPN client I can't leave the IPsec identifier blank if I set to the DNS logs show its up then disconnects with strongswan it works fine.
0 -
Its a Samsung limitaton on hashing algorithms as I recall. Anyway Strongswan seamlessly integrates into Android.
1 -
Thank you @Peppino , thank you @PeterUK for your feedbacks. Would you be so kind to check the configuration and log that i posted a few days ago and compare it with yours? I really cannot understand what i am missing. Apart from the ATP i've made some tests on an USG40 behind a Fritzbox router: the router is configured so that the firewall is the "exposed host".
I understand that having the firewall directly connected to the internet is by far better but sometimes this is not possible because the ISP supplies VoIP services only on their devices and do not give configurations.
As for using the built in client i also am aware that there is a limitation with Samsung about the DH algorithms, somewhere i read that Zyxel added new DH with latest firmwares but Strongswan seems to be the easier way on Samsung
0 -
You might have overlooked what PeterUK wrote:
"If the certificate says a IP then the fw needs to have that IP and be WAN"
So since the router has the external IP, your ATP claims to have an internal IP which in turn will not match the one set in the certificate.
0 -
Maybe I just didn't want to read such a thing ;-)
Can we close it saying that there is no possibility to create a client-server VPN (with certificate) with a firewall behind a router?
0 -
Correct
0 -
I think it might be possible if the certificate uses DNS then a IP?
1 -
Do you mean ddns?
Who should issue the certificate?
Have any of you even done it? (How? ;-) )
Thank you again
0 -
Theoretically it could work. The certificate is created by you inside the ATP, under objects-certificates. This needs to be exported as file and imported into the Android phone. How did you make it work last time? Not like this?
0
Categories
- All Categories
- 415 Beta Program
- 2.4K Nebula
- 144 Nebula Ideas
- 94 Nebula Status and Incidents
- 5.6K Security
- 237 USG FLEX H Series
- 267 Security Ideas
- 1.4K Switch
- 71 Switch Ideas
- 1.1K Wireless
- 40 Wireless Ideas
- 6.3K Consumer Product
- 247 Service & License
- 384 News and Release
- 83 Security Advisories
- 29 Education Center
- 10 [Campaign] Zyxel Network Detective
- 3.2K FAQ
- 34 Documents
- 34 Nebula Monthly Express
- 83 About Community
- 71 Security Highlight