@b-epelbaum
Created April 30, 2023 11:29
How to enable XAUTH / MSCHAP VPN on Android 13
I have just got this working using an ASUS RT-AC86U running Merlin 386.7_2, which is behind my ISP-supplied router and thus NATed. The phone is a Samsung Galaxy S20 Plus, recently updated to Android 13. Prior to (and post) the update I was successfully using VPN type "IPSec / Xauth PSK" per the ASUS doco. When looking at IKEv2, I changed the VPN type but found the Xauth option was removed when I went to revert... There's a lesson in that :/
Random notes:
I have no real idea what I'm doing so take it with a grain of salt but it's connecting and has been up for an hour now. It seemed a bit slow initially but performance seems to have improved.
I messed around a lot with the config, some of which may or may not be necessary or secure or recommended.
On the router
-------------
Advanced settings, VPN, VPN Server Tab, IPSec VPN table:
Set a preshared key
Export the current certificate "For Mobile" and get it to your Android. That panel shows:
Status : Authenticated
Issue to : all.dnsomatic.com <-- That's what I need for DDNS to work for me. Changing DDNS screwed things up.
Issue from : ASUS router Root CA
Expires on : 2029/1/14
Create a username/password pair.
On the Android 13
-----------------
Import the certificate to:
Settings, Security and privacy, Other security settings, View security certificates, USER tab (at bottom), Personal.
I don't recall exactly how I got it here but I think it was using files or double tapping on it in email. There were several security warnings that I completely ignored so YMMV.
Set up Android VPN profile:
Type: IKEv2/IPSec MSCHAPv2
Server address: FQDN of your router.
IPSec Identifier: same as FQDN of your router. Not sure this is necessary.
IPSec CA certificate: you should be able to choose the one you installed above.
IPSec Server certificate: Received from server
Username and password per account set up on router.
and then connect that sucker....
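
A pre-flight check for the setup above, added here as an example and not part of the original notes: it parses the certificate panel text in the format shown under "On the router" and compares it with the Android profile fields. The dictionary keys, the host name vpn.example.net and the account values are constructed, and it assumes the profile should use the name the certificate is issued to, as in the working setup described.

```python
from datetime import date

# Constructed sample: certificate panel text in the format shown above.
PANEL = """\
Status : Authenticated
Issue to : vpn.example.net <-- DDNS name of the router
Issue from : ASUS router Root CA
Expires on : 2029/1/14
"""

# Constructed sample: the Android VPN profile as a dict (key names are hypothetical).
PROFILE = {
    "type": "IKEv2/IPSec MSCHAPv2",
    "server_address": "vpn.example.net",
    "ipsec_identifier": "vpn.example.net",
    "username": "phone-user",
    "password": "constructed-secret",
}

def parse_panel(text):
    """Turn 'Key : value' panel lines into a dict, dropping '<--' annotations."""
    fields = {}
    for line in text.splitlines():
        key, sep, value = line.partition(" : ")
        if sep:
            fields[key.strip().lower()] = value.split("<--")[0].strip()
    return fields

def check_profile(panel_text, profile, today):
    """Return a list of problems; an empty list means profile and panel agree."""
    cert = parse_panel(panel_text)
    problems = []
    if cert.get("status") != "Authenticated":
        problems.append("router certificate status is not Authenticated")
    name = cert.get("issue to", "").lower().rstrip(".")
    for field in ("server_address", "ipsec_identifier"):
        value = profile.get(field, "").lower().rstrip(".")
        if value != name:
            problems.append(f"{field} {value!r} differs from certificate name {name!r}")
    try:
        year, month, day = (int(p) for p in cert.get("expires on", "").split("/"))
        if date(year, month, day) <= today:
            problems.append("router certificate has expired")
    except ValueError:
        problems.append("cannot read certificate expiry date")
    if profile.get("type") != "IKEv2/IPSec MSCHAPv2":
        problems.append("VPN type is not IKEv2/IPSec MSCHAPv2")
    if not profile.get("username") or not profile.get("password"):
        problems.append("username or password missing")
    return problems
```

Calling check_profile(PANEL, PROFILE, date.today()) before connecting catches a profile that points at a raw IP address or at an old DDNS name after the router certificate has been reissued.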