How to connect to an Omada Router using the IKEv2 VPN client on Android/iOS
User’s Application Scenario
Most cell phones now support IKEv2 VPN connections, and Android has removed L2TP VPN. When you are away from home without a computer and want to access resources on your home network, establishing a VPN connection to the router from your phone is an easy and secure way to do it.
Next, we take the ER605 v2 as an example to show you how to configure IKEv2 VPN on Omada Router.
Configuration for IKEv2 VPN and Android/iOS
Step 1. Configure IKEv2 VPN setting on Router
(1) Choose the menu VPN > IPSec > IPSec Policy and click Add to load the following page on the VPN router. Configure the basic parameters for the IPsec policy.
- Specify the mode as Client-to-LAN.
- Specify the Remote Host as 0.0.0.0.
- Specify the WAN as WAN.
- Specify the Local Network as LAN. Or you can customize the Local IP address.
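- Specify the Pre-shared Key as you like. Here we enter 123456 as an example; for real use, choose a long, random key, because the pre-shared key is the only credential in this setup.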
- Specify the IP Address Pool as 10.10.10.1/24.
Step 2. Configure the IKEv2 Advanced Settings – Phase 1
Click Advanced Settings to load the following page. In the Phase-1 Settings section, configure the IKE phase-1 parameters.
- Select IKE Protocol Version as IKEv2.
- Select sha256-aes256-dh16/sha256-aes256-dh14/sha1-aes256-dh14/sha1-aes256-dh5 as the proposal.
- Specify Negotiation Mode as Responder Mode.
- Specify Local ID Type as IP Address.
- Specify the Remote ID Type as NAME and specify the remote ID as 123.
Note:
1) For Samsung cellphones, the Remote ID type should be selected as IP address.
2) Since each phone supports different proposals, we only list some common proposal combinations here. If none of the above four combinations connects successfully, please contact TP-Link technical support.
3) The IKEv2 client on Android cannot edit the Local ID Type, so only IP Address can be used. This requires that there be no NAT device in front of the Omada router: the WAN IP address of the Omada router must be a public IP address for the client to connect successfully.
Step 3. Configure the IKEv2 Advanced Settings – Phase 2
In the Phase-2 Settings section, configure the IKE phase-2 parameters. Click OK.
- Specify Encapsulation Mode as Tunnel Mode.
- Select esp-sha256-aes256/esp-sha1-aes256 as the proposal.
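An added example, not TP-Link code: a small Python audit of the Phase-1 and Phase-2 proposals listed above and of the sample pre-shared key, flagging SHA-1, the 1536-bit DH group 5 and a short numeric key. The thresholds (2048-bit minimum DH, 20-character minimum key) and all function names are assumptions of this example.

```python
import re

# Proposal fields and sample key exactly as the page lists them.
PHASE1 = "sha256-aes256-dh16/sha256-aes256-dh14/sha1-aes256-dh14/sha1-aes256-dh5"
PHASE2 = "esp-sha256-aes256/esp-sha1-aes256"
SAMPLE_PSK = "123456"
# Policy below is this example's assumption, not a TP-Link setting.
DH_BITS = {5: 1536, 14: 2048, 16: 4096}  # MODP group sizes, RFC 3526
LEGACY_HASHES = {"md5", "sha1"}
MIN_DH_BITS, MIN_PSK_LEN = 2048, 20


def parse_proposal(text):
    """Split 'sha256-aes256-dh16' or 'esp-sha256-aes256' into components."""
    m = re.fullmatch(r"(esp-)?([a-z0-9]+)-([a-z0-9]+)(?:-dh(\d+))?", text.strip().lower())
    if not m or bool(m.group(1)) == bool(m.group(4)):  # phase 1 has dhN, phase 2 has esp-
        raise ValueError(f"unrecognised proposal: {text!r}")
    return {"phase": 2 if m.group(1) else 1, "hash": m.group(2),
            "cipher": m.group(3), "dh": int(m.group(4)) if m.group(4) else None}


def audit_proposal(text):
    """Return the findings for one proposal; an empty list means none."""
    p = parse_proposal(text)
    findings = []
    if p["hash"] in LEGACY_HASHES:
        findings.append(f"legacy hash {p['hash']}")
    bits = DH_BITS.get(p["dh"], 0)  # groups missing from the table count as 0 bits
    if p["dh"] is not None and bits < MIN_DH_BITS:
        findings.append(f"dh{p['dh']} ({bits}-bit) below {MIN_DH_BITS}-bit minimum")
    return findings


def audit_field(field):
    """Audit a '/'-separated proposal field as shown in the router GUI."""
    return {prop: audit_proposal(prop) for prop in field.split("/")}


def audit_psk(psk):
    """Flag a pre-shared key that is short or made of digits only."""
    checks = [(len(psk) < MIN_PSK_LEN, f"shorter than {MIN_PSK_LEN} characters"),
              (psk.isdigit(), "digits only")]
    return [msg for failed, msg in checks if failed]


if __name__ == "__main__":
    for prop, findings in {**audit_field(PHASE1), **audit_field(PHASE2)}.items():
        print(f"{prop:20} {', '.join(findings) or 'ok'}")
    print(f"{'PSK ' + SAMPLE_PSK:20} {', '.join(audit_psk(SAMPLE_PSK)) or 'ok'}")
```

If the phone connects with one of the sha256 proposals, the flagged sha1 and dh5 entries can be left out of the router's proposal list.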
Configure the IKEv2 VPN settings on Android
Here we use a phone with Android 12 as an example. Configure the IKEv2 VPN with the following parameters. Click Save and connect to the VPN server.
- Specify Name as test.
- Specify VPN type as IKEv2/IPsec PSK.
- Specify Server address as 192.168.1.122.
- Specify IP Identifier as 123.
- Specify IPsec Pre-shared Key as 123456.
- Specify Proxy as None.
Verification process
Go to VPN > IPSec > IPSec SA. The information about the VPN tunnel is displayed there.
The phone also shows a successful VPN connection.
Configure the IKEv2 VPN settings on iOS Devices
Step 1. Configure IKEv2 VPN setting on Router
Since iOS supports changing Local ID Type, we select Local ID Type as NAME in the phase-1 setting and specify Local ID as 321. The other settings are exactly the same as above, so we will not show them here.
Step 2. Configure IKEv2 VPN setting on Phone.
Here we use iOS 15.5 as an example for IKEv2 VPN connection. Configure the IKEv2 VPN parameters. Click Done and connect to the VPN server.
- Specify Type as IKEv2.
- Specify Description as Test.
- Specify Server as 192.168.1.122.
- Specify Remote ID as 321.
- Specify Local ID as 123.
- Specify User Authentication as None.
- Disable Use Certificate.
- Specify Secret as 123456.
- Specify PROXY as Off.
Step 3. Verification process
The figure below shows that the iPhone successfully connected to the VPN Server and obtained the VPN IP address of 10.10.10.1.
To learn more about each function and configuration, please go to the Download Center to download the manual for your product.