How to configure VPN via IKEv2/IPSec for Android 11+ and Windows 11 client devices?

How to configure VPN via IKEv2/IPSec for Android 11+ and Windows 11 client devices?

22 Reply
Re:How to configure VPN via IKEv2/IPSec for Android 11+ and Windows 11 client devices?-Solution
2024-02-10 03:57:22 - last edited 2024-02-18 01:18:58

Hi @gerba 

If you can take a second to read the guide.

Best Regards! If you are new to the forum, please read: Howto - A Guide to Use Forum Effectively. Read Before You Post. Look for a model? Search your model NOW Official and Beta firmware. NEW features! Subscribe for the latest update!Download Beta Here☚ ☛ ★ Configuration Guide ★ ☚ ☛ ★ Knowledge Base ★ ☚ ☛ ★ Troubleshooting ★ ☚ ● Be kind and nice. ● Stay on the topic. ● Post details. ● Search first. ● Please don't take it for granted. ● No email confidentiality should be violated. ● S/N, MAC, and your true public IP should be mosaiced.
Recommended Solution
  0  
  0  
#12
Options
Re:How to configure VPN via IKEv2/IPSec for Android 11+ and Windows 11 client devices?
2024-02-12 15:53:52 - last edited 2024-02-12 16:06:52

  @Clive_A 

 

Thank you for that link.
If I'm not mistaken, this guide is similar to the guide I linked to in my initial post.
At least I did not find anything additional to try in comparison with the guide I already followed.

 

Any more ideas?

  0  
  0  
#13
Options
Re:How to configure VPN via IKEv2/IPSec for Android 11+ and Windows 11 client devices?
2024-02-14 08:42:29

  @gerba 

gerba wrote

  @Clive_A 

 

Thank you for that link.
If I'm not mistaken, this guide is similar to the guide I linked to in my initial post.
At least I did not find anything additional to try in comparison with the guide I already followed.

 

Any more ideas?

Did you read all the steps and notes?

If so, contact the support and see if the support can check the parameters and settings for you.

Or you post your config here and mosaic your sensitive information like IP address but leave it still readable for identifying the IP class.

Best Regards! If you are new to the forum, please read: Howto - A Guide to Use Forum Effectively. Read Before You Post. Look for a model? Search your model NOW Official and Beta firmware. NEW features! Subscribe for the latest update!Download Beta Here☚ ☛ ★ Configuration Guide ★ ☚ ☛ ★ Knowledge Base ★ ☚ ☛ ★ Troubleshooting ★ ☚ ● Be kind and nice. ● Stay on the topic. ● Post details. ● Search first. ● Please don't take it for granted. ● No email confidentiality should be violated. ● S/N, MAC, and your true public IP should be mosaiced.
  0  
  0  
#14
Options
Re:How to configure VPN via IKEv2/IPSec for Android 11+ and Windows 11 client devices?
2024-02-21 06:20:16

  @Clive_A 

Hi!
I already contacted TP-Link support. After checking my VPN policy once, first level support promised to forward my issue to the next support level. This was at the beginning of January. Unfortunately I did not get any further feedback from them, yet.
What do you mean with "your config"? Do you mean the screen shots in my initial post?

  0  
  0  
#15
Options
Re:How to configure VPN via IKEv2/IPSec for Android 11+ and Windows 11 client devices?
2024-02-21 07:30:51

Hi @gerba 

Thanks for posting in our business forum.

gerba wrote

  @Clive_A 

Hi!
I already contacted TP-Link support. After checking my VPN policy once, first level support promised to forward my issue to the next support level. This was at the beginning of January. Unfortunately I did not get any further feedback from them, yet.
What do you mean with "your config"? Do you mean the screen shots in my initial post?

If you can take a second to read the whole guide earlier from me.

Best Regards! If you are new to the forum, please read: Howto - A Guide to Use Forum Effectively. Read Before You Post. Look for a model? Search your model NOW Official and Beta firmware. NEW features! Subscribe for the latest update!Download Beta Here☚ ☛ ★ Configuration Guide ★ ☚ ☛ ★ Knowledge Base ★ ☚ ☛ ★ Troubleshooting ★ ☚ ● Be kind and nice. ● Stay on the topic. ● Post details. ● Search first. ● Please don't take it for granted. ● No email confidentiality should be violated. ● S/N, MAC, and your true public IP should be mosaiced.
  0  
  0  
#16
Options
Re:How to configure VPN via IKEv2/IPSec for Android 11+ and Windows 11 client devices?
2024-02-21 11:15:06 - last edited 2024-02-21 11:26:19

  @Clive_A 

 

I did already, and now I did again (see attached screenshot).

Btw.:
In my initial post I was writing not only about Android 13+ devices, but also about Android 11+ and Windows 11 devices. 
i. e. in Android 11 there is even no field to enter the 'IPSec-ID' or 'Remote ID' at all - just 'Name' and 'Password' fields are available with 'IKEv2/IPSec PSK' type; also in Windows 11 I cannot enter 'IPSec-ID' or 'Remote ID'.

And as I already mentioned, I also read and tried the guide 'How to connect to Omada Router using IKEv2 VPN of Android/iOS'.


What can I do more, than trying everything written in the guide(s)?

File:
config.pngDownload
  0  
  0  
#17
Options
Re:How to configure VPN via IKEv2/IPSec for Android 11+ and Windows 11 client devices?
2024-02-22 01:25:39

Hi @gerba 

Thanks for posting in our business forum.

gerba wrote

  @Clive_A 

 

I did already, and now I did again (see attached screenshot).

Btw.:
In my initial post I was writing not only about Android 13+ devices, but also about Android 11+ and Windows 11 devices. 
i. e. in Android 11 there is even no field to enter the 'IPSec-ID' or 'Remote ID' at all - just 'Name' and 'Password' fields are available with 'IKEv2/IPSec PSK' type; also in Windows 11 I cannot enter 'IPSec-ID' or 'Remote ID'.

And as I already mentioned, I also read and tried the guide 'How to connect to Omada Router using IKEv2 VPN of Android/iOS'.


What can I do more, than trying everything written in the guide(s)?

If you are on Android 11, which I don't have any Android 11 devices, does it still keep the L2TP? Then use the L2TP.

L2TP over IPsec, it is basically the same and with easier config. (Search L2TP Omada on the official website and you can find the guide.)

 

The whole question from the beginning should not be on IPsec. IPsec was recommended because 13 or above removed L2TP. You asked how to do it with IPsec, that's how you set it up with IPsec. Remote ID is required.

 

And, if you have read what I sent to you, you should see that Remote ID is needed.  IPsec server is also not supposed to be placed behind a NAT.

Best Regards! If you are new to the forum, please read: Howto - A Guide to Use Forum Effectively. Read Before You Post. Look for a model? Search your model NOW Official and Beta firmware. NEW features! Subscribe for the latest update!Download Beta Here☚ ☛ ★ Configuration Guide ★ ☚ ☛ ★ Knowledge Base ★ ☚ ☛ ★ Troubleshooting ★ ☚ ● Be kind and nice. ● Stay on the topic. ● Post details. ● Search first. ● Please don't take it for granted. ● No email confidentiality should be violated. ● S/N, MAC, and your true public IP should be mosaiced.
  0  
  0  
#18
Options
Re:How to configure VPN via IKEv2/IPSec for Android 11+ and Windows 11 client devices?
2024-02-25 18:49:01

  @Clive_A 

 

Hello!

Thank you, too, for participating in this thread.
I appreciate every constuctive comment.
And I can only repeat, what I already wrote:
I tried everything, you recommended and what is written in the guides you shared with me.

Maybe you did not not notice that.
And maybe you also did not notice, that I explained, that actually neither in Android 11 nor in Windows 11 there is a field to enter the Remote ID.
And even the Android 13 device with the configuration using the Remote ID cannot connect to the VPN server.

But anyway - If I understood you right, it is not possible to establish a VPN connection via IKEv2/IPSec PSK with Android 11+ and Windows 11+ client devices, right?

And concerning your comment about IPSec server behind NAT devices:
Physically my ER7212PC is "behind" the internet router of the ISP. But on that internet router DMZ is configured - so it is forwarding everything to and from the ER7212PC, no NAT is happening there. I have been successfully using this VPN configuration via IPSec/L2TP PSK with my ER6120 and my Android 11 and Windows 10/11 devices for years.

But as newer Android versions stopped supporting L2TP, I had to move forward to a more "state-of-the-art" VPN protocol, which is supported by native Android 11+ and Windows 11+ VPN functionality. And I thought the ER7212PC would be a good choice for that.
If IPSec is the wrong choice for that, which secure VPN type do you recommend, which I can configure on the mentioned operating systems?

Kind regards,
Gerald

  0  
  0  
#19
Options
Re:How to configure VPN via IKEv2/IPSec for Android 11+ and Windows 11 client devices?
2024-02-26 01:51:16

Hi @gerba 

Thanks for posting in our business forum.

gerba wrote

  @Clive_A 

 

Hello!

Thank you, too, for participating in this thread.
I appreciate every constuctive comment.
And I can only repeat, what I already wrote:
I tried everything, you recommended and what is written in the guides you shared with me.

Maybe you did not not notice that.
And maybe you also did not notice, that I explained, that actually neither in Android 11 nor in Windows 11 there is a field to enter the Remote ID.
And even the Android 13 device with the configuration using the Remote ID cannot connect to the VPN server.

But anyway - If I understood you right, it is not possible to establish a VPN connection via IKEv2/IPSec PSK with Android 11+ and Windows 11+ client devices, right?

And concerning your comment about IPSec server behind NAT devices:
Physically my ER7212PC is "behind" the internet router of the ISP. But on that internet router DMZ is configured - so it is forwarding everything to and from the ER7212PC, no NAT is happening there. I have been successfully using this VPN configuration via IPSec/L2TP PSK with my ER6120 and my Android 11 and Windows 10/11 devices for years.

But as newer Android versions stopped supporting L2TP, I had to move forward to a more "state-of-the-art" VPN protocol, which is supported by native Android 11+ and Windows 11+ VPN functionality. And I thought the ER7212PC would be a good choice for that.
If IPSec is the wrong choice for that, which secure VPN type do you recommend, which I can configure on the mentioned operating systems?

Kind regards,
Gerald

In your config in the OP, you did not set up a Remote ID. I don't know too much about Windows or Android 11.

As far as I can see, at the very beginning of the setup on Windows 10, there is no option to fill in the Remote ID. Maybe later in the Properties, you may. I did not look into this as it is not my job.

 

In the docs, I am told that Android lacks of Remote ID option and that is the reason why you cannot make a connection.

In addition, I have iterated that you do not put it behind a NAT even if you have port forward or DMZ. Same concept and the same thing. I have iterated this and I will not further explain on this matter. This will be my last reply on it as it is behind a NAT and there is a possibility of experiencing an issue because of this.

This is the whole point I am asking for your screenshots. It was indeed put behind a NAT.

When both were happening, with no Remote ID and behind a NAT, you would not be able to make a connection because the peer is using the IP address to look for a connection instead of the "remote ID" the other peer has.

This is what it looks like when Remote ID is missing and it is using IP to look for the other device. And it is behind a NAT even if it is an open port.

 

WG is using a single port. Both OVPN and WG can be an option when hosting behind a NAT, unlike the IPsec.

Best Regards! If you are new to the forum, please read: Howto - A Guide to Use Forum Effectively. Read Before You Post. Look for a model? Search your model NOW Official and Beta firmware. NEW features! Subscribe for the latest update!Download Beta Here☚ ☛ ★ Configuration Guide ★ ☚ ☛ ★ Knowledge Base ★ ☚ ☛ ★ Troubleshooting ★ ☚ ● Be kind and nice. ● Stay on the topic. ● Post details. ● Search first. ● Please don't take it for granted. ● No email confidentiality should be violated. ● S/N, MAC, and your true public IP should be mosaiced.
  0  
  0  
#20
Options
Re:How to configure VPN via IKEv2/IPSec for Android 11+ and Windows 11 client devices?
2024-02-29 09:01:54

Hi!
 

@Clive_A 

What do you mean with 'WG'? Wireguard?
I have to avoid any third party VPN solution.
What I need to know is, how I can establish VPN connection with built-in VPN functionalities of Android 11+ and Windows 11+.
This is what TP-Link product support promised me to work, before I replaced my previous VPN router (ER6120) and my whole other network periphery.

Little update:
I reset the ER7212PC now.
Before that neither the L2TP nor the IKev2 connection worked anymore.
Now I configured only the L2TP VPN server and my Android 11 device quickly connects via VPN again.
So obviously no problem with my setting (ER7212PC "behind" internet router having DMZ configured).

I have this suspicion:
It seems not to be possible to configure more than one VPN policy.
If you do so, none is working - even if you have enabled just one of them.
Can that be true?
If yes, what sense does it make to be able to configure several VPN policies?

Kind regards,
Gerald
 

  0  
  0  
#21
Options