
ikev2, anyone got it working?

DanTulovsky_
Occasional Contributor

ikev2, anyone got it working?

So with minimal effort so far, I tried to get IKEv2 working. I set it up on the Appliance based on the (very minimal) documentation in the manual.

I've tried connecting with a number of different clients, but so far the appliance is refusing to answer. I see, on the client, an initial IKE packet go out over port 500. I see, on the appliance, that the packet makes it to the appliance. I never see any replies go out from the appliance. I see nothing in the logs. There is no indication of anything happening at all.

With the exact same setup, 7.0beta4 would crash (one of the daemons that seems to be responsible for IKE), but with the release version I see nothing.

Has anyone gotten it working?

Thanks

Dan
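For the symptom in the post above (an initial IKE packet leaves the client on port 500 and no reply comes back), a useful first check is whether the captured datagram really is a well-formed IKEv2 IKE_SA_INIT request. The following is an added example, not part of the original thread: it decodes the IKE header and cleartext payload chain per RFC 7296. The function names and the sample packet are constructed for illustration, and the input is assumed to be the raw UDP payload from port 500 (on port 4500 a 4-byte non-ESP marker precedes the header).

```python
import struct

# Exchange and payload type numbers from RFC 7296 (IKEv2).
EXCHANGES = {34: "IKE_SA_INIT", 35: "IKE_AUTH", 36: "CREATE_CHILD_SA", 37: "INFORMATIONAL"}
PAYLOADS = {33: "SA", 34: "KE", 35: "IDi", 36: "IDr", 37: "CERT", 38: "CERTREQ",
            39: "AUTH", 40: "Nonce", 41: "Notify", 42: "Delete", 43: "Vendor",
            44: "TSi", 45: "TSr", 46: "SK", 47: "CP", 48: "EAP"}


def parse_ike(datagram: bytes) -> dict:
    """Decode the 28-byte IKE header and walk the cleartext payload chain."""
    if len(datagram) < 28:
        raise ValueError("shorter than an IKE header")
    _spi_i, spi_r, nxt, ver, exch, flags, msg_id, length = struct.unpack(
        "!8s8sBBBBII", datagram[:28])
    if length != len(datagram):
        raise ValueError(f"header says {length} bytes, datagram has {len(datagram)}")
    info = {"version": f"{ver >> 4}.{ver & 0x0F}", "message_id": msg_id,
            "exchange": EXCHANGES.get(exch, f"unknown({exch})"),
            "initiator": bool(flags & 0x08), "response": bool(flags & 0x20),
            "responder_spi_zero": spi_r == bytes(8), "payloads": []}
    offset = 28
    while nxt != 0:
        if offset + 4 > length:
            raise ValueError("payload chain runs past the end of the message")
        following, _flags, plen = struct.unpack("!BBH", datagram[offset:offset + 4])
        if plen < 4 or offset + plen > length:
            raise ValueError(f"bad payload length {plen} at offset {offset}")
        info["payloads"].append(PAYLOADS.get(nxt, f"unknown({nxt})"))
        if nxt == 46:  # SK payload: everything after it is encrypted
            break
        nxt, offset = following, offset + plen
    return info


def is_ikev2_sa_init_request(info: dict) -> bool:
    """True for a well-formed first packet of an IKEv2 exchange."""
    return (info["version"].startswith("2.") and info["exchange"] == "IKE_SA_INIT"
            and info["initiator"] and not info["response"]
            and info["responder_spi_zero"] and info["message_id"] == 0)


def _payload(next_type: int, body: bytes) -> bytes:
    return struct.pack("!BBH", next_type, 0, 4 + len(body)) + body


# Constructed sample: SA, KE and Nonce payloads with zero-filled placeholder bodies.
_BODY = _payload(34, bytes(8)) + _payload(40, bytes(8)) + _payload(0, bytes(16))
SAMPLE = struct.pack("!8s8sBBBBII", bytes(range(1, 9)), bytes(8),
                     33, 0x20, 34, 0x08, 0, 28 + len(_BODY)) + _BODY
```

If the check fails on a real capture (for example the version decodes as 1.0), the client is not sending IKEv2 at all, which points at the client configuration and not the gateway.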
14 REPLIES
Lilja_
Frequent Contributor

Re: ikev2, anyone got it working?

Tried with Win7 client, get the "error 13843:invalid payload received" message.

GarethDS_
Not applicable

Re: ikev2, anyone got it working?

Running _7.0R1 (build 16007) no joy either, doco is limited

DanTulovsky_
Occasional Contributor

Re: ikev2, anyone got it working?

According to the case I have open with Juniper, the IKEv2 support is limited to MOBIKE.

http://www.rfc-editor.org/rfc/rfc4555.txt

I am still waiting to get details on what clients it's supposed to work with.

gmachin_
Occasional Contributor

Re: ikev2, anyone got it working?

We are having the same problem. I have also asked our Juniper rep for the clients that have been tested. Please post if you get a response from Juniper.

billiam_
Contributor

Re: ikev2, anyone got it working?

I'm also looking at this new feature but can't get the gateway to log any messages or send any reply packets to the client. Anybody had any luck getting this working yet?

Thanks

DanTulovsky_
Occasional Contributor

Re: ikev2, anyone got it working?

I did get it to work with the Windows 7 Agile VPN client. We also have it working using the strongSwan VPN client on Linux.

billiam_
Contributor

Re: ikev2, anyone got it working?

I've just tried this with the Windows 7 Agile VPN and get the same error as mentioned previously: "error 13843:invalid payload received". Have you seen this and do you know the reason for it?

I have so many questions about how this feature works and what with, but no clue from the admin guide.

If I have multiple realms / sign-in policies configured, how does the IKEv2 feature know which realm to go against, or is there some unwritten feature that it has to be the "Users" realm?

DanTulovsky_
Occasional Contributor

Re: ikev2, anyone got it working?

I haven't seen that error specifically. As for realms, if you look under Configuration/IKEv2, you can tell it which Realm to use. Then, under the role that you will assign, under General/Overview, make sure IKEv2 is checked. I suspect that if you don't have IKEv2 checked under Role, you might get the error you are seeing.

jnousse_
Not applicable

Re: ikev2, anyone got it working?

I succeeded in using IKEv2 with strongSwan on Linux. I didn't try with another client.

But here are the steps I followed:

- Create a CA certificate and a client certificate and key.

- Put on the SSLVPN box the CA certificate in the section configuration -> certificate -> Trusted client certificate

- I created a new authentication server as a certificate server.

- I created a new Realm using this server for authentication and selecting a role based on userAgent (IKEv2) or the username.

- I checked IKEv2 in the role used for these users.

- I chose the newly created realm in configuration -> IKEv2.

But if anyone succeeded in authenticating the user with username/password, I'm interested...