How to connect to Omada Router using IKEv2 VPN of Android/iOS

Configuration Guide
Updated 08-25-2023 21:32:18 PM 53693
This Article Applies to: 

User’s Application Scenario

Most cell phones now support IKEv2 VPN connections. Especially since Android has removed L2TP VPN. When you are out of home without a computer around and want to access some resources from your home network, establishing a VPN connection with the router through your phone is an easy and secure way.

Next, we take the ER605 v2 as an example to show you how to configure IKEv2 VPN on Omada Router.

Configuration for IKEv2 VPN and Android/iOS

Step 1. Configure IKEv2 VPN setting on Router

(1) Choose the menu VPN > IPSec > IPSec Policy and click Add to load the following page on the VPN router. Configure the basic parameters for the IPsec policy.

  • Specify the mode as Client-to-LAN.
  • Specify the Remote Host as 0.0.0.0.
  • Specify the WAN as WAN.
  • Specify the Local Network as LAN. Or you can customize the Local IP address.
  • Specify the Pre-shared Key as you like. Here we enter 123456.
  • Specify the IP Address Pool as 10.10.10.1/24.

Step 2. Configure the IKEv2 Advanced Settings – Phase 1

Click Advanced Settings to load the following page. In the Phase-1 Settings section, configure the IKE phase-1 parameters.

  • Select IKE Protocol Version as IKEv2.
  • Select sha256-aes256-dh16/sha256-aes256-dh14/sha1-aes256-dh14/sha1-aes256-dh5 as the proposal.
  • Specify Negotiation Mode as Responder Mode.
  • Specify Local ID Type as IP Address.
  • Specify the Remote ID Type as NAME and specify the remote ID as 123.

Note:

1) Since each phone supports different proposals, we only list some common proposal combinations here. If the above four combinations cannot be successfully connected, please contact TP-Link technical support.

2) Since IKEv2 for Android cannot edit Local ID Type, only IP address can be used. So it is required that there must be no NAT device on the front of Omada router, which means the WAN IP address of Omada router must be a public IP address for the client to be able to connect successfully.

Step 3. Configure the IKEv2 Advanced Settings – Phase 2

In the Phase-2 Settings section, configure the IKE phase-2 parameters. Click OK.

  • Specify Encapsulation Mode as Tunnel Mode.
  • Select esp-sha256-aes256/esp-sha1-aes256 as the proposal.

Configure the IKEv2 VPN settings on Android

Here we use a phone with Android 12 as an example. Configure the IKEv2 VPN with the following parameters. Click Save and connect to the VPN server.

  • Specify Name as test.
  • Specify VPN type as IKEv2/IPsec PSK.
  • Specify Server address as 192.168.1.122.
  • Specify IP Identifier as 123.
  • Specify IPsec Pre-shared Key as 123456.
  • Specify Proxy as None.

Verification process

Go to VPN > IPSec > IPSec SA, the information about VPN Tunnel will be displayed above.

It will also show a successful VPN connection on the phone

Configure the IKEv2 VPN settings on iOS Devices

Step 1. Configure IKEv2 VPN setting on Router

Since iOS supports changing Local ID Type, we select Local ID Type as NAME in the phase-1 setting and specify Local ID as 321. The other settings are exactly the same as above, so we will not show them here.

Step 2. Configure IKEv2 VPN setting on Phone.

Here we use iOS 15.5 as an example for IKEv2 VPN connection. Configure the IKEv2 VPN parameters. Click Done and connect to the VPN server.

  • Specify Type as IKEv2.
  • Specify Description as Test.
  • Specify Server as 192.168.1.122.
  • Specify Remote ID as 321.
  • Specify Local ID as 123.
  • Specify User Authentication as None.
  • Disable the Use Certificate.
  • Specify Secret as 123456.
  • Specify PROXY as Off.

Step 3. Verification process

The figure below shows that the iPhone successfully connected to the VPN Server and obtained the VPN IP address of 10.10.10.1.

Get to know more details of each function and configuration, please go to Download Center to download the manual of your product.

Related FAQs

Is this faq useful?

Your feedback helps improve this site.

Community

TP-Link Community

Still need help? Search for answers, ask questions, and get help from TP-Link experts and other users around the world.

Visit the Community >

From United States?

Get products, events and services for your region.