IKEv2 VPN Not Connecting - IKE_Auth Packet Fragmentation
Hoping someone can shed some light.
We have a number of users, all on Windows 10. Intermittently the client will fail to connect to the IKEv2 VPN. Having raised this with WG Support and run some testing with them, they have advised that issues can arise when IKE_AUTH packets arrive as fragments.
They offered the following KB:
Following the KB, we have been looking into the different scenarios of what works and what doesn't.
Removing all expired certs for the Trusted CA Authority on the local machine resolves the issue. The issue with this is twofold: firstly, this is not a manageable solution, and secondly, some expired certs that were deleted come back again.
Proved that if the # of certs is <=56 the connection works. With >56 the connection won't work. (However, Windows 11 devices that have 60/70+ certs never have any issues.)
Has anyone else come across this and can offer any solutions?
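
A read-only way to compare affected and unaffected clients against the counts reported above, as an added example that is not part of the original post or of any WatchGuard guidance. It assumes the store meant in the post is `Cert:\LocalMachine\Root` (pass another path if not); the function name `Get-StoreSummary` and the parameter names are hypothetical, and 56 is the threshold the poster observed, not a documented limit.

```powershell
# Added diagnostic sketch: counts certificates in a machine store and lists
# the expired ones. It deletes nothing.
# Assumption: the post's "Trusted CA Authority" store is Cert:\LocalMachine\Root.
param(
    [string]$StorePath     = 'Cert:\LocalMachine\Root',
    [int]   $ObservedLimit = 56    # count at or below which the poster's connections worked
)

function Get-StoreSummary {
    param([string]$Path, [int]$Limit)

    $now   = Get-Date
    # Keep only certificate objects (the provider can also return containers).
    $certs = @(Get-ChildItem -Path $Path | Where-Object {
        $_ -is [System.Security.Cryptography.X509Certificates.X509Certificate2]
    })
    $expired = @($certs | Where-Object { $_.NotAfter -lt $now })

    [pscustomobject]@{
        Computer            = $env:COMPUTERNAME
        Store               = $Path
        Total               = $certs.Count
        Expired             = $expired.Count
        TotalWithoutExpired = $certs.Count - $expired.Count
        OverObservedLimit   = $certs.Count -gt $Limit
        ExpiredCerts        = $expired | Sort-Object NotAfter |
                              Select-Object Subject, Thumbprint, NotAfter
    }
}

$summary = Get-StoreSummary -Path $StorePath -Limit $ObservedLimit

# Headline numbers: is this client above the count at which failures were seen?
$summary |
    Select-Object Computer, Store, Total, Expired, TotalWithoutExpired, OverObservedLimit |
    Format-List

# Expired entries, oldest first. Recording thumbprints makes it possible to
# tell later whether a deleted certificate has reappeared.
$summary.ExpiredCerts | Format-Table -AutoSize
```

Running it on a failing Windows 10 client and a working Windows 11 client gives a like-for-like record of store size, and re-running it after cleanup shows which thumbprints come back.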