FOR TIPS, gUIDES & TUTORIALS

subscribe to our Youtube

GO TO YOUTUBE

14455 questions

17168 answers

28195 comments

0 members

We are migrating to our new platform at https://community.teltonika.lt. Moving forward, you can continue discussions on this new platform. This current platform will be temporarily maintained for reference purposes.
0 votes
702 views 0 comments
by anonymous
Can you provide me with the configuration for IKEv2/IPsec with PSK (Only option available on Tablet) to connect to a RUTX09 using Dynamic DNS address. Currently connecting with L2TP/IPsec with PSK VPN from Windows 10 successfully, but don't have this option available on the Android tablet?

1 Answer

0 votes
by anonymous

Hello,

  

To configure IPsec to connect any Android device using IKEv2 key exchange, follow these steps:

  • In the router WebUI, navigate to Services → VPN → IPsec;
  • Create a new instance;
  • Leave the Remote endpoint field empty;
  • Set the pre-shared key;
  • Local and remote identifier needs to be set to %any
  • In the connection settings, specify the local subnet as the LAN network of the RUTX09 (by default - 192.168.1.0/24);
  • Remote subnet field can be left empty;
  • Change the Key exchange to IKEv2;
  • In the Advanced connection settings, in the remote source IP specify the IP range, that the addresses will be provided to the clients from (e.g. 10.10.10.0/24). Make sure this subnet is different from other subnets in use;
  • Proposal settings can stay on default;

Assuming DDNS is already configured, the configuration will continue on your tablet:

  •  In settings, navigate to VPN settings and create a new IKEv2/IPsec PSK instance;
  • Specify the server address, which will be the DDNS domain name, that will point to your RUTX09;
  • IPsec identifier can be entered as tablet (RUTX09 will accept any name);
  • IPsec pre-shard key needs to be the same as on the RUTX09;

And that should be it! The tablet should connect to the RUTX09.

Keep in mind, that the tablet will not be able to access the WebUI or SSH of the router unless a traffic rule is configured to allow traffic from WAN to Device(Input), with the argument -m policy --dir in --pol ipsec. It could look like so:

Hope this helps!

  

Best regards,
DaumantasG