Hello,
To configure IPsec to connect any Android device using IKEv2 key exchange, follow these steps:
- In the router WebUI, navigate to Services → VPN → IPsec;
- Create a new instance;
- Leave the Remote endpoint field empty;
- Set the pre-shared key;
- Local and remote identifier needs to be set to %any
- In the connection settings, specify the local subnet as the LAN network of the RUTX09 (by default - 192.168.1.0/24);
- Remote subnet field can be left empty;
- Change the Key exchange to IKEv2;
- In the Advanced connection settings, in the remote source IP specify the IP range, that the addresses will be provided to the clients from (e.g. 10.10.10.0/24). Make sure this subnet is different from other subnets in use;
- Proposal settings can stay on default;
Assuming DDNS is already configured, the configuration will continue on your tablet:
- In settings, navigate to VPN settings and create a new IKEv2/IPsec PSK instance;
- Specify the server address, which will be the DDNS domain name, that will point to your RUTX09;
- IPsec identifier can be entered as tablet (RUTX09 will accept any name);
- IPsec pre-shard key needs to be the same as on the RUTX09;
And that should be it! The tablet should connect to the RUTX09.
Keep in mind, that the tablet will not be able to access the WebUI or SSH of the router unless a traffic rule is configured to allow traffic from WAN to Device(Input), with the argument -m policy --dir in --pol ipsec. It could look like so:
Hope this helps!
Best regards,
DaumantasG
