tonify
just joined
Topic Author
Posts: 21
Joined: Fri Sep 04, 2020 11:57 pm
Location: Macau

IkeV2 VPN server setup for Android 13

Tue Apr 25, 2023 5:29 pm

Hi,

Has anyone had luck configuring the IKEv2 VPN on MikroTik for Android 13?

If yes, please share how to do it.

Thank you
 
Oleg554555
just joined
Posts: 5
Joined: Sun May 21, 2023 4:03 am

Re: IkeV2 VPN server setup for Android 13

Sat May 27, 2023 3:40 pm

It is impossible to configure via EAP RADIUS, most likely a problem on the part of MikroTik. I managed to configure it through authentication with 2 CA certificates, and the client in the MikroTik identity is a digital signature.
 
abbio90
Member
Posts: 437
Joined: Fri Aug 27, 2021 9:16 pm
Location: Oristano

Re: IkeV2 VPN server setup for Android 13

Mon May 29, 2023 9:01 am

Good morning, I made a guide that works on some phones but not on all. It works for me on Samsung but not on Xiaomi.


https://foisfabio.it/index.php/2023/03/ ... tik-ikev2/
 
own3r1138
Forum Veteran
Posts: 727
Joined: Sun Feb 14, 2021 12:33 am
Location: Pleiades

Re: IkeV2 VPN server setup for Android 13

Mon May 29, 2023 9:13 am

https://help.mikrotik.com/docs/display/ ... outerOSv7)

EAP is working fine on MT. Use Strongswan on Android clients.
 
Damago1
just joined
Posts: 13
Joined: Wed Jan 10, 2024 9:25 pm

Re: IkeV2 VPN server setup for Android 13

Sun Jun 16, 2024 10:34 pm

Here is a working configuration of ipsec ikev2 / psk vpn:

Notes:
1. This configuration does NOT touch the "default" profile, "default" identity, etc., so it should work in parallel with other VPN types, for instance in parallel with an L2TP/IPsec VPN, which creates a dynamic identity/peer and cannot use anything other than default. This configuration is glued together by a group named "ike2-group".
2. Android still flags this VPN as "insecure"; however, I did not dig deeper. I just wanted to "make it work" because L2TP was removed.
3. You need to alter the script below a bit by filling in the [TEXT IN BRACKETS] with your names/passwords etc.
4. You need to create an address pool for the VPN connections first, and give the pool's name as [ADDRESS_POOL] below.
5. [FULL_DOMAIN_NAME_OF_ROUTER] is the DNS name under which the router will be available (like www.google.com).
6. [SECRET] is your pre-shared key.
7. In Android you have to enter these VPN settings:
"name" whatever you like.
"type" is "IKEv2/IPSec PSK"
"Server address" the same as in [FULL_DOMAIN_NAME_OF_ROUTER]
"IPsec identifier" the same as in [FULL_DOMAIN_NAME_OF_ROUTER]
"Pre shared key" the same as in [SECRET]
8. Maybe the proposal could be simplified. I kept adding everything until it started to work.

# 2024-06-16 21:14:19 by RouterOS 7.13.2
# model = RB3011UiAS
/ip ipsec policy group
add name=ike2-group
/ip ipsec mode-config
add address-pool=[ADDRESS_POOL] name=ike2-config
/ip ipsec profile
add dh-group=ecp256,ecp384,ecp521,modp8192,modp6144,modp4096,modp3072,modp2048 enc-algorithm=aes-256,aes-192,aes-128 hash-algorithm=sha512 name=ike2-profile proposal-check=claim
/ip ipsec peer
add exchange-mode=ike2 name=ike2-peer passive=yes profile=ike2-profile
/ip ipsec proposal
add auth-algorithms=sha512,sha256 enc-algorithms=aes-256-cbc,aes-256-ctr,aes-256-gcm,aes-192-cbc,aes-192-ctr,aes-192-gcm,aes-128-cbc,aes-128-ctr,aes-128-gcm name=ike2-proposal pfs-group=\
    modp4096
/ip ipsec identity
# the pre-shared key is a property of the identity, not of the peer
add comment="identity to be used in ikev2" generate-policy=port-strict mode-config=ike2-config my-id=fqdn:[FULL_DOMAIN_NAME_OF_ROUTER] \
    peer=ike2-peer policy-template-group=ike2-group secret=[SECRET]
/ip ipsec policy
add comment="policy to be used in ike2-identity and ike2-policy" dst-address=0.0.0.0/0 group=ike2-group proposal=ike2-proposal src-address=0.0.0.0/0 template=yes
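
An added example, not part of the post above or of any MikroTik tooling: a Python check that reads a RouterOS `/ip ipsec` export, joins continued lines, and reports bracketed placeholders that were never filled in and name references (such as the "ike2-group" glue) that point at no defined entry. The sample export is constructed and shortened from the post; `parse`, `audit` and `REFS` are hypothetical names.

```python
import re
# Constructed sample: shortened from the export in the post, placeholders unfilled.
SAMPLE = r"""/ip ipsec policy group
add name=ike2-group
/ip ipsec mode-config
add address-pool=[ADDRESS_POOL] name=ike2-config
/ip ipsec profile
add dh-group=ecp256,modp2048 enc-algorithm=aes-256 name=ike2-profile
/ip ipsec peer
add exchange-mode=ike2 name=ike2-peer passive=yes profile=ike2-profile
/ip ipsec proposal
add auth-algorithms=sha256 enc-algorithms=aes-256-cbc name=ike2-proposal pfs-group=\
    modp4096
/ip ipsec identity
add mode-config=ike2-config my-id=fqdn:[FULL_DOMAIN_NAME_OF_ROUTER] \
    peer=ike2-peer policy-template-group=ike2-group secret=[SECRET]
/ip ipsec policy
add dst-address=0.0.0.0/0 group=ike2-group proposal=ike2-proposal template=yes
"""

# (menu, property) -> menu whose "name" the value has to match
REFS = {("peer", "profile"): "profile", ("identity", "peer"): "peer",
        ("identity", "mode-config"): "mode-config",
        ("identity", "policy-template-group"): "policy group",
        ("policy", "group"): "policy group", ("policy", "proposal"): "proposal"}

def parse(export):
    """Return [(menu, {property: value})] for every 'add' line under /ip ipsec."""
    text = re.sub(r"\\\n\s*", "", export)  # join "\"-continued lines, drop indent
    menu, entries = None, []
    for line in text.splitlines():
        if line.startswith("/ip ipsec "):
            menu = line[len("/ip ipsec "):].strip()
        elif line.startswith("add ") and menu:
            entries.append((menu, dict(re.findall(r'([\w-]+)=("[^"]*"|\S+)', line))))
    return entries

def audit(export):
    """List unfilled [PLACEHOLDER] values and references to undefined entries."""
    entries, problems = parse(export), []
    names = {(menu, props.get("name")) for menu, props in entries}
    for menu, props in entries:
        for key, val in props.items():
            if re.search(r"\[[A-Z_]+\]", val):
                problems.append(f"{menu}: {key} still holds placeholder {val}")
            target = REFS.get((menu, key))
            if target and (target, val) not in names:
                problems.append(f"{menu}: {key}={val} names no entry in {target}")
    return problems
```

Run `audit()` on the text of your own edited export before pasting it into the router; an empty list means every placeholder was replaced and every reference resolves.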
 
jcesarabreu
just joined
Posts: 1
Joined: Sun Jun 23, 2024 5:08 am

Re: IkeV2 VPN server setup for Android 13

Sun Jun 23, 2024 5:10 am

Thank you very much, Damago.

I was having trouble configuring the VPN for some time after my cell phone updated.

A big hug
