How to connect to Omada Router using IKEv2 VPN of Android/iOS

Configuration Guide
Updated 09-09-2022 08:19:08 AM 7031
This Article Applies to: 

User’s Application Scenario

Most cell phones now support IKEv2 VPN connections. Especially Android has removed L2TP VPN. When you are out of home without a computer around and want to access some resources at home, establishing a VPN connection with the router through your phone is an easy and secure way.

Configuration for Andriod

Step 1. Configure the IKEv2 VPN setting on the Router

(1) Choose the menu VPN > IPSec > IPSec Policy and click Add to load the following page on the VPN router. Configure the basic parameters for the IPsec policy.

· Specify the mode as Client-to-LAN.

· Specify the Remote Host as 0.0.0.0.

· Specify the WAN as WAN.

· Specify local subnet as 192.168.2.1/24

· Specify the Pre-shared Key as you like. Here we enter 123456.

(2) Click Advanced Settings to load the following page. In the Phase-1 Settings section, configure the IKE phase-1 parameters.

· Select IKE Protocol Version as IKEv2.

· Select sha2-aes256-dh16/sha2-aes256-dh14/sha1-aes256-dh14/sha1-aes256-dh5 as the proposal.

· Specify Negotiation Mode as Responder Mode.

· Specify IP Address Pool as 10.10.10.1/24.

· Specify Local ID Type as IP Address.

· Specify the Remote ID Type as NAME and specify the remote ID as 123.

NOTE :

1) Since each phone supports different proposals, we only list some common proposal combinations here. If the above four combinations cannot be successfully connected, please contact Tp-Link technical support. Some of the Android models support sha2 at least, currently only ER8411 and ER605 v2 support sha2 and dh14 or above, ER605v1 and ER7206 will be supported in subsequent firmware updates.

2) Since IKEv2 for Android cannot edit Local ID Type, only IP address can be used. So it is required that there must be no NAT device on the front of the Omada router, which means the WAN IP address of the Omada router must be a public IP address for the client to be able to connect successfully.

(3) In the Phase-2 Settings section, configure the IKE phase-2 parameters. Click OK.

· Specify Encapsulation Mode as Tunnel Mode.

· Select esp-sha2-aes256/esp-sha1-aes256 as the proposal.

Step 2. Configure IKEv2 VPN setting on Phone.

Here we use Android 12 as an example for IKEv2 VPN connection. Configure the IKEv2 VPN parameters. Click Save and connect to the VPN server.

· Specify Name as test.

· Specify VPN type as IKEv2/IPsec PSK.

· Specify Server address as 192.168.1.122.

· Specify IP Identifier as 123.

· Specify IPsec Pre-shared Key as 123456.

· Specify Proxy as None.

Step 3. Verification process

Go to VPN > IPSec > IPSec SA, the information about VPN Tunnel will be displayed above.

It will also show a successful VPN connection on the phone

Configuration for iOS

Step 1. Configure the IKEv2 VPN setting on the Router

Since iOS supports changing Local ID Type, we select Local ID Type as NAME in the phase-1 setting and specify Local ID as 321. The other settings are exactly the same as above, so we will not show them here.

Step 2. Configure the IKEv2 VPN setting on the Phone.

Here we use iOS 15.5 as an example for the IKEv2 VPN connection. Configure the IKEv2 VPN parameters. Click Done and connect to the VPN server.

· Specify Type as IKEv2.

· Specify Description as Test.

· Specify Server as 192.168.1.122.

· Specify Remote ID as 321.

· Specify Local ID as 123.

· Specify User Authentication as None.

· Disable the Use Certificate.

· Specify Secret as 123456.

· Specify PROXY as Off.

Step 3. Verification process

The figure below shows that the iPhone successfully connected to the VPN Server and obtained the VPN IP address of 10.10.10.1.

Get to know more details about each function and configuration please go to Download Center to download the manual of your product.

Related FAQs

Is this faq useful?

Your feedback helps improve this site.

Recommend Products

From United States?

Get products, events and services for your region.