IKEv2/IPSec VPN server to connect Android 12 clients to the network.

This thread has been locked for further replies. You can start a new thread to share your ideas or ask questions.
Re:IKEv2/IPSec VPN server to connect Android 12 clients to the network.
2023-03-20 20:47:59

  @stefjoseph 

Hi Stef,

Unfortunately I didn't get it working. The VPN connection from Android 12 (now Android 13) works fine, but I still can't access the internet from the VPN network. I actually didn't go any further with the issue either because it wasn't important enough for me. It should be possible to solve it but I didn't succeed.

I am happy with the Omada network. It is very stable and reliable. The only issues I have are the Internet connection from VPN connected clients and the fact that it's not possible to configure my own DynDNS provider.

Regards,

Alex

OMADA equipment: TL-R605 v1 | OC200 v1 | TL-SG2428P v1 | 3x EAP245(EU) v3 Other: MC220L | TL-SG105E V3
#12
Re:IKEv2/IPSec VPN server to connect Android 12 clients to the network.
2023-05-09 22:24:51

@Intrax Hi! Using your proposition it works!

I managed to connect without the user - as it's not possible to define a user for IPsec (ER7206, SW: 1.3.0).
However - no internet access as well.

Do you have double NAT in your setup? I once saw information that there is some problem in such a setup - this could be it (I am behind double NAT).

 

Thank you anyway!

#13
Re:IKEv2/IPSec VPN server to connect Android 12 clients to the network.
2023-05-09 22:31:35

@Intrax 

 

The crucial setting which determines whether it works or not is Remote ID Type:

(IP Address works, Name doesn't work)

 

I am suggesting NAT as this tutorial:
https://www.tp-link.com/pl/support/faq/3447/

says the following:
 

 

Even though I am behind NAT it partially works. This is why I blame NAT for no internet access.

I am not able to ping my WAN IP (which is ISP's router) from the VPN tunnel, which suggests no communication.

 

#14
Re:IKEv2/IPSec VPN server to connect Android 12 clients to the network.
2023-05-09 23:04:28 - last edited 2023-05-09 23:04:56

@Intrax 

 

Anyway, I'll stick to OpenVPN as it works fine.

Maybe expect max throughput which is 34 Mb/s (ER7206 v1)

#15
Re:IKEv2/IPSec VPN server to connect Android 12 clients to the network.
2023-05-17 20:56:35

  @folfix 

 

Hi Folfix,


Thanks for your comment.
I am not using double NAT. My ER605 v1 is connected directly to the internet via an MC220L converter (RJ45 to Fiber).

 

Tonight I checked my configuration again, but I don't see any wrong settings.

Unfortunately, it is still not possible to access the internet from a VPN connection.

The VPN connection from my Samsung A53 device (Android 13) only stays in the local network.
That's really a pity.

 

Maybe I should wait for new firmware for the ER605 v1 router that supports SHA2.

 

Regards,
Alex

#16
Re:IKEv2/IPSec VPN server to connect Android 12 clients to the network.
2023-10-31 04:21:05

  @Intrax 

 

Has anyone had any luck with Android 13/14? Or are we stuck with OpenVPN?

#17
Re:IKEv2/IPSec VPN server to connect Android 12 clients to the network.-Solution
2023-11-05 14:29:05 - last edited 2023-11-06 03:53:05

  @PietroSpina

 

I got it working following the example from Intrax (post#6). I would like to point out a few things in case it isn't clear enough:

 

You have to create a VPN user even though the Android client does not expect a user. And you have to provide a password when creating the user, but the password is not actually used anywhere. You also cannot choose IPsec as the VPN server type, so just leave it blank.

On your Android phone you enter the pre-shared key you used when you created the VPN profile (not the VPN user password), and put the VPN user name in the "IPSec identifier" even though it explicitly says that it isn't being used.

I am using Omada Software Controller 5.7.4 with an ER605 v2.

Recommended Solution
#18
Re:IKEv2/IPSec VPN server to connect Android 12 clients to the network.
2023-11-07 18:37:13

  @SSSCCC 

 

You're right. That part isn't very clear, thanks for the update.

 

The only problem that remains is that you can no longer connect to the Internet from the VPN server connection.

That's why I use OpenVPN.

The speed may not be great, but it works well and it is stable.

 

Regards, Alex

#19
Re:IKEv2/IPSec VPN server to connect Android 12 clients to the network.
2023-11-29 13:58:30

  @SSSCCC

  @Intrax

 

Thanks for the tips everyone... For my situation (see below) I had success using the Phase 1 Proposal set to "SHA-256 - AES256 - DH14" and Phase 2 Proposal set to ESP - SHA-256 - AES256.

 

Android 14

Controller Version: 5.12.9 Model: OC200 1.0 Firmware Version: 1.26.3 Build 20230906 Rel.36269

Router: ER605 v1.0 Firmware: 1.3.0 Build 20230511 Rel.51317

#20