IKEv2 with PSK not working on Android

Userseb

Hi everyone,

I'm trying to set up IKEv2 with PSK on a USG Flex 100 by following this article (https://support.zyxel.eu/hc/en-us/articles/8805317185298-IKEv2-VPN-with-Pre-Shared-key-on-Mobile-Devices-Instead-of-L2TP#h_01HB6CZ468E23YEB63SRPPFRS8), but it's not working.

Here is the log

What could be wrong? I don't see any error in the log.

Thanks.

Seb

All Replies

  • PeterUK

    Is this by IP or DNS?

    Have you tried changing the key group?

    Looks like Phase 1 is not done.

  • Userseb

    Hi PeterUK,

    It's by IP.

    Key groups are DH2 and DH14 as specified in the article (I have not tried the others).

    Ciphers are AES256/SHA256.

    Yes, it seems phase 1 does not terminate.

    I noticed a [CERTREQ] at line 11 in the log; would it mean that it requests a certificate? 🤷‍♂️

  • Userseb

    OK, so I'm going in the right direction: phase 1 is now OK but phase 2 fails.

    Phase 1 has been solved by changing the IPsec identifier in the client app on Android: I replaced 0.0.0.0 with the WAN IP (192.168.1.99 in my case, behind a NAT) and it works.

    Here is the complete log now.

    I receive a correct IP (192.168.70.2) and the Dynamic Tunnel is built successfully, but a microsecond later the IKE SA is disconnected. I tried multiple policies without success. I don't know what else to do.

    Regards,

    Seb

  • PeterUK
    Answer ✓

    For phase 2, change Local policy to 0.0.0.0.

  • Userseb

    Oh man, thank you so much, it was as simple as that! 👍👍👍

    Do you know why I had to change this parameter from the subnet to 0.0.0.0?

    Seb

  • PeterUK

    I think it has to do with the interface the WAN IP is on, but by setting it to 0.0.0.0 it can be from any interface.
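    To make the effect of the phase 2 Local policy concrete, here is an added example that is not part of this thread and not Zyxel code. It models the responder-side traffic selector narrowing described in RFC 7296 section 2.9: the CHILD_SA selector becomes the intersection of what the client proposed and the gateway's local policy. The addresses are constructed; with a subnet policy the client's 0.0.0.0/0 proposal is narrowed, with a 0.0.0.0/0 policy it is accepted unchanged. Whether a particular mobile client tolerates a narrowed selector is client-specific and is an assumption here, not something the thread establishes.

```python
from ipaddress import ip_network, IPv4Address
from typing import Optional, Tuple

# An IKEv2 traffic selector (TS payload) is an inclusive address range.
Range = Tuple[IPv4Address, IPv4Address]


def cidr_to_range(cidr: str) -> Range:
    """Turn a CIDR string into the (first, last) address range a TS carries."""
    net = ip_network(cidr, strict=False)
    return (net.network_address, net.broadcast_address)


def narrow(proposed: Range, policy: Range) -> Optional[Range]:
    """Responder narrowing per RFC 7296 2.9: keep the overlap between the
    initiator's proposal and local policy. None means no overlap, which a
    responder would answer with TS_UNACCEPTABLE."""
    lo = max(proposed[0], policy[0])
    hi = min(proposed[1], policy[1])
    if lo > hi:
        return None
    return (lo, hi)


def negotiate(client_remote_ts: str, gateway_local_policy: str) -> dict:
    """Simulate one CHILD_SA selector negotiation.

    client_remote_ts     -- what the mobile client asks to reach (constructed)
    gateway_local_policy -- the gateway's phase 2 Local policy (constructed)
    """
    proposed = cidr_to_range(client_remote_ts)
    policy = cidr_to_range(gateway_local_policy)
    result = narrow(proposed, policy)
    return {
        "accepted": result is not None,
        "narrowed": result is not None and result != proposed,
        "selector": None if result is None else f"{result[0]}-{result[1]}",
    }


if __name__ == "__main__":
    # Subnet policy: the client's full-tunnel proposal is narrowed to the LAN.
    print(negotiate("0.0.0.0/0", "192.168.1.0/24"))
    # 0.0.0.0/0 policy (the fix in this thread): proposal accepted as-is.
    print(negotiate("0.0.0.0/0", "0.0.0.0/0"))
    # Disjoint ranges: nothing to agree on.
    print(negotiate("10.0.0.0/8", "192.168.1.0/24"))
```

    The point for a defender is that a gateway policy of 0.0.0.0/0 is the broadest possible selector; it avoids the narrowing step, but it also means any traffic the client sends through the tunnel is matched, so the firewall rules on the VPN zone, not the selector, have to do the access control.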

  • Userseb

    OK, I will keep this in mind next time! Thanks again!

    Regards,

    Seb
