IPSec IKEv2 - Roadwarrior clients on 4G - Does it work?

Actually I have 5 “road warrior” clients (notebooks with Win 10) that use OpenVPN. Everything works fine: the external clients can connect using 4G smartphone tethering or using the guest Wi-Fi of the hotel where they are. The only problem is that OpenVPN is slow.

I want to switch my road-warrior clients to an IPSec IKEv2 tunnel, but does it work with 4G smartphone tethering? Is NAT a problem?
Can I push routes with IPSec? E.g. 0.0.0.0 to route all traffic through the office WAN?

Does anyone use it in a similar scenario?
Most of the examples I found are only for point-to-point tunnels with a static IP on both sides.

Does no one use an IPSec IKEv2 tunnel for their external clients?

Sure that will work when it is set up properly.

For pushing routes, have a look at the IPSec - ModeConfig and the Split-Include parameter.

NAT isn’t a big deal; usually NAT is automatically detected. See NAT-Traversal.
I have only used it with strongSwan for the remote side, and this integrates NAT-Traversal, which periodically sends some bytes to keep the NATed connection open.

But I don’t know what the Microsoft IKE implementation is doing :)
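How the automatic NAT detection mentioned above works in IKEv2 (RFC 7296, section 2.23), as an added example that is not part of the original thread: each peer sends a SHA-1 hash of the SPIs plus the address and port it believes it is sending from, and the receiver recomputes that hash over what it actually saw on the wire. The SPI, addresses and ports below are constructed sample values.

```python
import hashlib
import ipaddress
import struct

NAT_KEEPALIVE = b"\xff"  # RFC 3948: one-octet keepalive that holds the NAT mapping open


def nat_detection_hash(spi_i: bytes, spi_r: bytes, ip: str, port: int) -> bytes:
    """Data of a NAT_DETECTION_*_IP notify: SHA-1(SPIi | SPIr | IP | port)."""
    if len(spi_i) != 8 or len(spi_r) != 8:
        raise ValueError("IKE SPIs are 8 octets")
    addr = ipaddress.ip_address(ip).packed  # 4 octets for IPv4, 16 for IPv6
    return hashlib.sha1(spi_i + spi_r + addr + struct.pack("!H", port)).digest()


def nat_in_path(spi_i, spi_r, claimed_hashes, seen_ip, seen_port) -> bool:
    """Receiver side: hash the source actually seen and compare with the payloads.

    A sender with several addresses may include several hashes; NAT is
    assumed only when none of them matches the observed source.
    """
    observed = nat_detection_hash(spi_i, spi_r, seen_ip, seen_port)
    return observed not in claimed_hashes


def ike_port_after_detection(nat_found: bool) -> int:
    """With a NAT in the path, IKE and UDP-encapsulated ESP move to port 4500."""
    return 4500 if nat_found else 500


# Constructed sample: first IKE_SA_INIT request, so the responder SPI is still zero.
SPI_I = bytes.fromhex("1122334455667788")
SPI_R = bytes(8)
CLIENT = ("192.168.43.25", 500)      # laptop behind a tethering phone (constructed)
TRANSLATED = ("203.0.113.7", 31544)  # what the office gateway sees (constructed)

if __name__ == "__main__":
    sent = [nat_detection_hash(SPI_I, SPI_R, *CLIENT)]
    behind_nat = nat_in_path(SPI_I, SPI_R, sent, *TRANSLATED)
    print("NAT detected:", behind_nat)
    print("continue on UDP port:", ike_port_after_detection(behind_nat))
    print("keepalive payload:", NAT_KEEPALIVE.hex())
```
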