Android 14 VPN to USG 1100

Options
tektu
tektu Posts: 2
First Anniversary First Comment
in Security

Has someone made VPN connection between Android 14 (Motorola ThinkPhone) and USG 1100? I´ve been trying to do that but always Phase 1 or Phase 2 mismatch..

All Replies

  • PeterUK
    PeterUK Posts: 2,848  Guru Member
    First Anniversary 10 Comments Friend Collector First Answer
    Options

    IKEv2 I take it?

    Phase 1

    encryption AES128

    authentication SHA256

    key Group DH14 but might be higher

    Phase 2

    encryption AES128

    authentication SHA256

    PFS DH2

    on phone setting for the VPN IPsec identifier is ikev2

  • tektu
    tektu Posts: 2
    First Anniversary First Comment
    Options

    Phase 1 proposal mismatch

    No proposal chosen

    Send:[NOTIFY:INVALID_MAJOR_VERSION]

    headache :/

  • WJS
    WJS Posts: 142  Ally Member
    First Anniversary 10 Comments Friend Collector First Answer
    Options

    Share your P1 P2 proposal . And capture negotiation packets.

    It will have what Android 14 proposal used

  • QuiteSmart
    QuiteSmart Posts: 43  Freshman Member
    First Anniversary 10 Comments Friend Collector First Answer
    Options

    Try using strongSwan app it has great logs. IF you get no proposal chosen i suggest to check that encryption, authentication and Diffie Hellman Groups are the same between the zywall and the endpoint.

    As for DH Groups consider that while on legacy USG serie you can choose only one group on the ATP and USG flex series you can put many, in this case you just need that at least one group is the same on both firewall and client.

    As for PFS (perfect forward secrecy) you can consider to disable it to help performance. As usual be adviced that performance/easiness and security will never be on the same side.

Categories

Security Highlight


Read more

Security Help Center

EnglishTiếng ViệtРусскийไทย中文(台灣)