Connecting to VPN server using IKEv2 (iOS Always-on VPN)

[davejuk]

I have an EA6900 running 380.58

I see that it is possible to configure it to run an OpenVPN server but I can't see how I can configure it to use IKEv2.

I need to use IKEv2 as I require an always-on VPN connection through my iPhone and it is the only supported protocol.

If it is possible, can anyone point me to an example configuration?

Thanks

 

[sfx2000]

You need to install the official OpenVPN client for IOS from the AppStore, and import the client config...

Don't need IKEv2...

 

[davejuk]

That won't give me an always-on VPN connection though will it?

It would be possible for the user to disconnect the VPN and for traffic to go straight out on to the internet.

 

[sfx2000]

That won't give me an always-on VPN connection though will it?

It would be possible for the user to disconnect the VPN and for traffic to go straight out on to the internet.

That's right - Apple was sued on this item, and was forced to disable "on-demand" VPN, which says much about patent-trolls and the legal system...

 

[davejuk]

OK. So do you know if it's possible to configure IKEv2 on this router/firmware combination?

 

[sfx2000]

It's not possible - Linksys embedded OpenVPN server needs the OpenVPN client on the iDevice - and not really anyway around it.

If you're running AsusWRT on a Linksys router - that's ill-advised...

 

[davejuk]

Yes, I'm running Asuswrt-Merlin on a Linksys EA6900.

I thought it might not be possible.

Can you recommend another router/firmware that would allow me to connect via IKEv2?

 

[sfx2000]

IKEv2 is LT2P/IPSec, so has nothing to do with OpenVPN - if I recall, there might be an option in AsusWRT for L2TP, but there, I can't help you...

 

[RMerlin]

IKEv2 is LT2P/IPSec, so has nothing to do with OpenVPN - if I recall, there might be an option in AsusWRT for L2TP, but there, I can't help you...

Only as a client, not as a server.

 

[Luboknok]

Does this mean IKEv2 will work as a L2TP client in stock Merlin? I though Strongswan had to be installed through entware, which is daunting.

It would be an very useful feature to integrate, IKEv2 is often 2x faster than OpenVPN on same hardware.

 

[adst4oir]

Does this mean IKEv2 will work as a L2TP client in stock Merlin?

No. They are not compatible.

L2TP/IPsec is using a L2TP tunnel on top of IPsec where the initial key exchange is using IKE(v1).

IKEv2 is a short name for transporting or tunneling directly over IPsec (AH or ESP) w/o L2TP tunneling. The initial key exchange is done by IKEv2.

 

[FreshJR]

That's right - Apple was sued on this item, and was forced to disable "on-demand" VPN, which says much about patent-trolls and the legal system...

Can you explain the changes this has caused in iOS?

 

[Sh0cker54]

You can use IKEv2 server thanks to Odkrys with native IOS and Windows clients
https://www.snbforums.com/threads/asus-ipsec-vpn-server.44973/#post-436400