Android 14 VPN to USG 1100
All Replies
-
IKEv2 I take it?
Phase 1
encryption AES128
authentication SHA256
key Group DH14 but might be higher
Phase 2
encryption AES128
authentication SHA256
PFS DH2
On the phone, the VPN setting for the IPsec identifier is ikev2
1 -
Phase 1 proposal mismatch
No proposal chosen
Send:[NOTIFY:INVALID_MAJOR_VERSION]
headache :/
0 -
Share your P1 and P2 proposals, and capture the negotiation packets.
They will show which proposal Android 14 used.
1 -
Try using the strongSwan app, it has great logs. If you get "no proposal chosen", I suggest checking that encryption, authentication and Diffie-Hellman groups are the same between the ZyWALL and the endpoint.
As for DH groups, consider that while on the legacy USG series you can choose only one group, on the ATP and USG Flex series you can put many; in this case you just need at least one group to be the same on both firewall and client.
As for PFS (perfect forward secrecy), you can consider disabling it to help performance. As usual, be advised that performance/ease and security will never be on the same side.
0
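The proposal check described in the reply above, as an added example that is not part of the thread or Zyxel's code: a simplified model of IKE proposal selection that reports which attribute has no overlap. The single-group policy uses the Phase 1 values posted earlier; the client offer and the multi-group policy are constructed sample values, not what Android 14 actually sends.

```python
# Attributes the thread says must agree between gateway and client.
ATTRS = ("encryption", "authentication", "dh")

def select(offer, policy):
    """Pick one value per attribute (client preference order), or None."""
    chosen = {}
    for attr in ATTRS:
        common = [v for v in offer[attr] if v in policy[attr]]
        if not common:
            return None  # one empty intersection rejects the whole proposal
        chosen[attr] = common[0]
    return chosen

def diagnose(offers, policy):
    """Try each client proposal in order; report the match or the gaps."""
    gaps = []
    for number, offer in enumerate(offers, 1):
        chosen = select(offer, policy)
        if chosen is not None:
            return {"result": "match", "proposal": number, "chosen": chosen}
        missing = [a for a in ATTRS if not set(offer[a]) & set(policy[a])]
        gaps.append((number, missing))
    return {"result": "NO_PROPOSAL_CHOSEN", "gaps": gaps}

# Gateway Phase 1 as posted in the thread (legacy USG: one DH group only).
GATEWAY_SINGLE = {"encryption": ["AES128"], "authentication": ["SHA256"],
                  "dh": ["DH14"]}
# Constructed policy for a model that accepts several DH groups.
GATEWAY_MULTI = dict(GATEWAY_SINGLE, dh=["DH14", "DH19", "DH20"])
# Constructed client offer; read the real one from a capture or client log.
CLIENT_OFFERS = [{"encryption": ["AES256", "AES128"],
                  "authentication": ["SHA384", "SHA256"],
                  "dh": ["DH19", "DH20"]}]

if __name__ == "__main__":
    print(diagnose(CLIENT_OFFERS, GATEWAY_SINGLE))
    print(diagnose(CLIENT_OFFERS, GATEWAY_MULTI))
```

Replace `CLIENT_OFFERS` with the transforms seen in the captured IKE_SA_INIT or the client log to find the attribute that needs changing on the gateway.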