Configuration Guide: How to Configure IPsec IKEv2 VPN for Android 13/14 or iPhone (With Troubleshooting Included)
Background:
Most cell phones now support IKEv2 VPN connections, especially since Android has removed L2TP VPN. When you are away from home without a computer and want to access resources on your home network, establishing a VPN connection to the router from your phone is an easy and secure way to do so.
This Article Applies to:
Routers with IPsec VPN.
Application Scenario:
Configuration Steps:
1. Start your Controller, access the Organization, and choose the site.
2. Go to Settings > VPN > Create New VPN Policy > Client-to-Site VPN > VPN Server - IPsec
- Set up your VPN server as Responder in Advanced Settings.
- Remote Host should be set as 0.0.0.0.
- Local Networks are the resources your VPN client can access.
- IP Pool is used for the VPN client.
3. Go to Advanced Settings.
- Set Negotiation Mode to Responder Mode.
- Set Remote ID Type to Name and Remote ID to 123, or choose your own ID.
- Note: For Samsung cellphones, the Remote ID Type should be set to IP Address.
4. Click Create.
5. Set up the Android IKEv2 IPsec client now. If you have trouble with this step, please refer to your manufacturer's User Guide on how to set up VPN.
- Name is only for identification.
- Server IP should be your public IP address. The picture is for demonstration purposes only; the address will differ in your scenario.
- IPsec Identifier should be the Remote ID you set.
- Preshared Key should match the key you set up on the server.
(Optional) 6. Set up for iOS. Building on the previous steps, enable Local ID Type in the Advanced Settings and enter a Local ID.
(Optional) 7. Set up the iOS client.
Note:
1. The IPsec VPN server IP address shown in this guide is a private IP address, used for demonstration purposes only. In your scenario, you are supposed to use a public IP address. If you don't have a public IP address, please contact your ISP. We are not obliged to offer any help to resolve your issues with the IP address.
2. This is classified as a Client-to-Site IPsec tunnel. There is no full tunneling. If you need a full tunnel and proxy, please consider a different type of VPN.
3. If your IPsec VPN server is behind a NAT, please set your modem router into bridge mode.
If your WAN IP address is a private IP behind a NAT, the connection may still fail even if you have set up port forwarding, and we are NOT obliged to resolve issues in this situation.
This is mainly due to the Android IPsec IKEv2 limitation in Remote ID, which can cause connection problems.
4. Different Android phones may use different Phase 1 and Phase 2 encryption proposals. If you experience a problem with that, we recommend trying different ones.
5. For Samsung cellphones, the Remote ID Type should be set to IP Address.
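A pre-flight check for the settings in steps 2 to 5 and notes 1, 3 and 5, as an added example that is not part of the original guide or of the Omada software. The `ServerPolicy` and `PhoneProfile` classes, the problem labels and all sample values are hypothetical and only mirror the field names used above.

```python
import ipaddress
from dataclasses import dataclass

# RFC 1918 and carrier-grade NAT ranges: a WAN IP here means the router is behind a NAT.
NAT_RANGES = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "100.64.0.0/10")]

@dataclass
class ServerPolicy:            # hypothetical: fields from steps 2-3
    wan_ip: str
    remote_host: str
    negotiation_mode: str
    remote_id_type: str
    remote_id: str
    preshared_key: str

@dataclass
class PhoneProfile:            # hypothetical: fields from step 5
    server_ip: str
    ipsec_identifier: str
    preshared_key: str
    samsung: bool = False

def preflight(server: ServerPolicy, phone: PhoneProfile) -> list[str]:
    """Return labels for every setting that contradicts the guide."""
    problems = []
    wan = ipaddress.ip_address(server.wan_ip)
    if any(wan in net for net in NAT_RANGES):          # notes 1 and 3
        problems.append("wan-ip-behind-nat")
    if server.remote_host != "0.0.0.0":                # step 2
        problems.append("remote-host-not-0.0.0.0")
    if server.negotiation_mode != "Responder Mode":    # step 3
        problems.append("not-responder-mode")
    # Note 5: Samsung phones need Remote ID Type "IP Address", others "Name".
    wanted_type = "IP Address" if phone.samsung else "Name"
    if server.remote_id_type != wanted_type:
        problems.append("remote-id-type")
    if phone.server_ip != server.wan_ip:               # step 5, Server IP
        problems.append("server-ip")
    # The identifier rule in step 5 is only checked for the Name type.
    if server.remote_id_type == "Name" and phone.ipsec_identifier != server.remote_id:
        problems.append("ipsec-identifier")
    if phone.preshared_key != server.preshared_key:    # step 5, Preshared Key
        problems.append("preshared-key")
    return problems

# Constructed sample values (203.0.113.10 is a documentation address).
GOOD_SERVER = ServerPolicy("203.0.113.10", "0.0.0.0", "Responder Mode", "Name", "123", "constructed-psk")
GOOD_PHONE = PhoneProfile("203.0.113.10", "123", "constructed-psk")
```

An empty list from `preflight(GOOD_SERVER, GOOD_PHONE)` means the two sides agree; any label returned points at the step or note to revisit before trying other Phase 1 and Phase 2 proposals.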
Update Log:
Aug 28th, 2024:
Update the note and title.
May 27th, 2024:
Add a note.
Feb 5th, 2024:
Release of this guide.
Recommended Threads:
How to connect to Omada Router using IKEv2 VPN of Android/iOS
Get the Latest Firmware Releases for Omada Routers Here - Subscribe for Updates
Get the Latest Omada SDN Controller Releases Here - Subscribe for Updates