Win 10 Phones IKEv2 VPN connection failures after tightening security

  • Question

  • Greetings, Win 10 Phone IT folks:

    We have an issue with a company VPN. A security audit recently revealed that our default RRAS VPN setup was fairly insecure; we followed Steven Jordan's suggestions in his article on the topic: https://www.stevenjordan.net/2016/09/secure-ikev2-win-10.html

    After adding the DWORD value to the registry as suggested (on both the server and client systems), all is happy, EXCEPT:

    ... it is now impossible to get our Windows 10 phone devices (we have several Lumia 950s and 950XLs being used in the field) to connect to the company public or private VPNs. The connection always fails with:

    "Policy match error"

    ...which is to be expected, since the cipher suites no longer match up and IKEv2 cannot properly set up the tunnels.

    Frustratingly, the couple of field devices we have running StrongSwan on Android work just fine, as do several other connection devices (we have two off-site routers that make/break temporary VPN connections).

    So, what I'm asking:

    Given that there seems to be no way for us to edit the registry on these devices (I tried using WICD provisioning, but that didn't work - although it did allow me to control SPLIT_TUNNELING which was very helpful), how might one go about making the Windows 10 Phones perform the same way that our Windows desktop machines do - i.e., connecting to the VPN as per usual? We need to continue to use these phones until the end of their support lifetime - can't afford to replace them all plus there's Continuum which no other phones seem to be able to match.

    Thanks in advance

    "I'm anispeptic, frasmotic, even compunctual to have caused you such pericombobulation."

    Wednesday, November 28, 2018 12:06 AM