locked
Not able to connect to Server 2012 IKEv2 VPN from Android, iOS or Mac RRS feed

 > 

  • Question

  • Question
    Sign in to vote
    0
    Sign in to vote

    Hi,

    I am having an issue where I am not able to connect to my Server 2012 VPN by IKEv2 from my Android, iOS or Mac devices. I have tried using the in built VPN clients, and tried using strongSwan instead, but none of them work. When I use strongSwan, I can view the logs and the last thing that is shown is "NO_PROPOSAL_CHOSEN". Can anybody please tell me what I should do to try and fix this?

    It works perfectly fine on my Windows computers, just not with any other device with a different OS. I have tried using EAP on its own as well as Machine Certificates on its own with no luck.

    Thanks 

    Wednesday, January 10, 2018 10:02 PM

Answers

  • Question
    Sign in to vote
    0
    Sign in to vote

    Hello Together

    I configure my VPN on a Server 2016 and found the same Issue with Strongswan. So there is a solution:

    https://wiki.strongswan.org/projects/strongswan/wiki/Windows7#AES-256-CBC-and-MODP2048

    Set the Regedit key: AES-256-CBC and MODP2048

    After that the issue is gone. In my Case (with EAP-TLS) comes now the next Issue:

    https://wiki.strongswan.org/issues/1144

    No Solution for that :(

    Even when i try to connect over eap-mschapv2 auth... i have no luck.

    Maybe someone have made such a setup sucessfully and can give a tip?

    Many Thanks

    Regards



    • Edited by Alitai Sunday, February 11, 2018 12:57 AM
    • Proposed as answer by Omid Shojaee Sunday, February 11, 2018 10:57 AM
    • Marked as answer by technogeek102 Saturday, April 14, 2018 9:31 PM
    Sunday, February 11, 2018 12:36 AM

All replies

  • Question
    Sign in to vote
    0
    Sign in to vote

    Hi ,

    This is a quick note to let you know that I am currently performing research on this issue and will get back to you as soon as possible. I appreciate your patience.
    If you have any updates during this process, please feel free to let me know.

    Best Regards,

    Candy

    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Friday, January 12, 2018 9:17 AM
  • Question
    Sign in to vote
    0
    Sign in to vote

    Hi ,

    This is a quick note to let you know that I am currently performing research on this issue and will get back to you as soon as possible. I appreciate your patience.
    If you have any updates during this process, please feel free to let me know.

    Best Regards,

    Candy

    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Hi,

    we have the same problem, please if you find a solution let us to know.

    Thank you

    Friday, January 19, 2018 12:26 PM
  • Question
    Sign in to vote
    0
    Sign in to vote

    Hello Together

    I configure my VPN on a Server 2016 and found the same Issue with Strongswan. So there is a solution:

    https://wiki.strongswan.org/projects/strongswan/wiki/Windows7#AES-256-CBC-and-MODP2048

    Set the Regedit key: AES-256-CBC and MODP2048

    After that the issue is gone. In my Case (with EAP-TLS) comes now the next Issue:

    https://wiki.strongswan.org/issues/1144

    No Solution for that :(

    Even when i try to connect over eap-mschapv2 auth... i have no luck.

    Maybe someone have made such a setup sucessfully and can give a tip?

    Many Thanks

    Regards



    • Edited by Alitai Sunday, February 11, 2018 12:57 AM
    • Proposed as answer by Omid Shojaee Sunday, February 11, 2018 10:57 AM
    • Marked as answer by technogeek102 Saturday, April 14, 2018 9:31 PM
    Sunday, February 11, 2018 12:36 AM
  • Question
    Sign in to vote
    0
    Sign in to vote

    Hello,

    Thank you for providing the registry trick. It works on Windows 2012 R2.

    Unfortunately I don't use TLS so I can't help you with the second issue.

    Regards

    Omid

    Sunday, February 11, 2018 10:56 AM
  • Question
    Sign in to vote
    0
    Sign in to vote

    Hi,

    My greatest apologies for being a few months late replying - I must admit i'd taken a break from my server and actually forgot that I had posted this! Please accept my apology.

    Thanks very much for the registry trick - it worked perfectly for my android devices using strongswan, however it now breaks it on my windows machines! I get "policy match error" on my windows 10 clients. Do you know of a fix for this?

    Thanks again,

    technogeek102

    Saturday, April 14, 2018 9:31 PM
  • Question
    Sign in to vote
    0
    Sign in to vote
    Never mind. I figured out why it stopped working on Windows - you need to set the registry key on the client as well. Thanks SO much for your help!
    Saturday, April 14, 2018 9:40 PM
  • Question
    Sign in to vote
    0
    Sign in to vote
    Were you able to figure this out?  It would really be helpful if android strongswan clients could connect to our Server 2012R2 vpn with ikev2 eap username/password but I am stuck with "NO_PROPOSAL_CHOSEN" as well
    Tuesday, November 27, 2018 11:37 PM