Problem w/ IKEv2 mobile VPN

DVM

I cannot connect to a mobile VPN with IKEv2 when using a mobile hotspot. The device reports this error,

2023-12-22 16:30:06 iked (External_IP<->Mobile_IP)Dropped IKEv2 IKE_AUTH message from Mobile_IP:40857. Gateway-Endpoint='WG IKEv2 MVPN'. Reason=Invalid message ID in IKE_AUTH request message.

There are no issues with the mobile hotspot if I use a L2TP connection. Any suggestion?

james.carson

Hi @DVM.

The log suggests the message ID in the IKE traffic may be changed from what is expected in the IKE Auth message. If this is only happening via this mobile connection, I'd suggest checking that mobile router to see if it has any functionality to do this.

-If you see any feature to "fix" or improve IPSec, IKE, or ESP, please ensure that this is turned off. (I most commonly see this referred to as ESP-ALG on ISP devices.)
-If you see any feature for IKE or VPN pass-thru, please enable that.

If you need assistance, I'd suggest opening a support case. Our team can verify if that is what's happening and help provide packet captures if needed.