Android 14 VPN to USG 1100

tektu

Has anyone made a VPN connection between Android 14 (Motorola ThinkPhone) and a USG 1100? I've been trying to do that, but I always get a Phase 1 or Phase 2 mismatch.

All Replies

  • PeterUK

    IKEv2 I take it?

    Phase 1

    encryption AES128

    authentication SHA256

    key Group DH14 but might be higher

    Phase 2

    encryption AES128

    authentication SHA256

    PFS DH2

    On the phone, the VPN's IPsec identifier setting is ikev2.

  • tektu

    Phase 1 proposal mismatch

    No proposal chosen

    Send:[NOTIFY:INVALID_MAJOR_VERSION]

    headache :/

  • WJS

    Share your P1 and P2 proposals, and capture the negotiation packets.

    They will show which proposal Android 14 used.

  • QuiteSmart

    Try using the strongSwan app; it has great logs. If you get "no proposal chosen", I suggest checking that the encryption, authentication and Diffie-Hellman groups are the same on the ZyWALL and the endpoint.

    As for DH groups, consider that on the legacy USG series you can choose only one group, while on the ATP and USG Flex series you can select many; in that case you just need at least one group to be the same on both the firewall and the client.

    As for PFS (perfect forward secrecy), you can consider disabling it to help performance. As usual, be advised that performance/ease and security will never be on the same side.
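
The comparison suggested in the replies above (read the proposals out of a capture, then check encryption, authentication and DH groups against the gateway), as an added example that is not part of the original thread: it parses the body of an IKEv2 SA payload (RFC 7296 layout) and reports, per proposal, which transform types have no value the gateway accepts. The gateway set uses the Phase 1 values posted in the thread; the mapping of "AES128" to ENCR_AES_CBC and "SHA256" to AUTH_HMAC_SHA2_256_128, the helper names and the sample bytes are assumptions constructed for illustration.

```python
import struct

TYPES = {1: "ENCR", 2: "PRF", 3: "INTEG", 4: "DH"}  # RFC 7296 section 3.3.2

def parse_sa(sa: bytes):
    """Parse an IKEv2 SA payload body into proposals: type -> {(id, key_len)}."""
    proposals, off = [], 0
    while off + 8 <= len(sa):
        _, _, plen, _, _, spi_size, n_tf = struct.unpack_from("!BBHBBBB", sa, off)
        if plen < 8 or off + plen > len(sa):
            raise ValueError("bad proposal length")
        pos, prop = off + 8 + spi_size, {}
        for _ in range(n_tf):
            _, _, tlen, ttype, _, tid = struct.unpack_from("!BBHBBH", sa, pos)
            if tlen < 8 or pos + tlen > off + plen:
                raise ValueError("bad transform length")
            key_len = None
            if tlen >= 12:  # a TV attribute follows; 0x800E is Key Length
                atype, aval = struct.unpack_from("!HH", sa, pos + 8)
                key_len = aval if atype == 0x800E else None
            prop.setdefault(TYPES.get(ttype, str(ttype)), set()).add((tid, key_len))
            pos += tlen
        proposals.append(prop)
        off += plen
    return proposals

def mismatches(proposals, gateway):
    """Per proposal, the transform types where nothing offered is accepted."""
    return [[t for t, ok in gateway.items() if not (p.get(t, set()) & ok)]
            for p in proposals]

def tf(ttype, tid, key_len=None, last=False):  # build one transform (sample data)
    attr = struct.pack("!HH", 0x800E, key_len) if key_len else b""
    return struct.pack("!BBHBBH", 0 if last else 3, 0, 8 + len(attr), ttype, 0, tid) + attr

def proposal(num, tfs, last=False):  # build one IKE proposal (protocol ID 1)
    body = b"".join(tfs)
    return struct.pack("!BBHBBBB", 0 if last else 2, 0, 8 + len(body), num, 1, 0, len(tfs)) + body

# Phase 1 settings from the reply above: AES128 (ENCR_AES_CBC=12), SHA256
# (AUTH_HMAC_SHA2_256_128=12), DH14. PRF is left unchecked (assumption).
GATEWAY = {"ENCR": {(12, 128)}, "INTEG": {(12, None)}, "DH": {(14, None)}}

# Constructed sample, NOT an Android 14 capture: proposal 1 offers AES-256 only.
SAMPLE = (proposal(1, [tf(1, 12, 256), tf(2, 5), tf(3, 12), tf(4, 19), tf(4, 14, last=True)])
          + proposal(2, [tf(1, 12, 128), tf(2, 5), tf(3, 12), tf(4, 14, last=True)], last=True))

if __name__ == "__main__":
    print(mismatches(parse_sa(SAMPLE), GATEWAY))
```

An empty list for a proposal means every checked transform type has a value in common with the gateway; a proposal that offers several DH groups matches as long as one of them is configured on the gateway.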
