Entra ID not working for IKEv2
I've been playing around with syncing Entra ID users to AuthPoint (without syncing to an Active Directory); however, I've run into an issue with IKEv2.
I have Entra ID set up as an external identity, and I am able to use my Entra ID username & password for the SSLVPN client, and it works well.
However, when I try to use the IKEv2 VPN (Built-in Windows 11), it does not work. Just throws the generic "Can't connect to WG IKEv2."
Nothing appears in WG Cloud audit logs and nothing appears on the traffic monitor on the Firebox itself.
The only sort of log I've been able to track down is in Windows Event Viewer:
"The user SYSTEM dialed a connection named WG IKEv2 which has failed. The error code returned on failure is -2143157998."
All users created directly in WatchGuard Cloud Directory still work as intended, so this issue is only with Entra ID users specifically on IKEv2 VPN.
Anyone have any ideas for a solution?
Comments
Because of the MS-CHAP encryption you need an NPS server + Azure AD Domain Services config.
https://www.watchguard.com/help/docs/help-center/en-US/Content/Integration-Guides/AuthPoint/Azure-firebox-ikev2-vpn_authpoint.htm
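As an added diagnostic (not part of the original thread or of WatchGuard's documentation), the PowerShell below gathers the two things the comment's explanation hinges on from the Windows 11 client side: what authentication method the built-in "WG IKEv2" connection is actually configured with (MS-CHAPv2 is the case that needs NPS + Entra Domain Services behind the Firebox), and the RasClient failure events with their error code converted from the signed decimal that Event Viewer shows to the hex form used in Microsoft's RAS error references. The connection name "WG IKEv2" is taken from the post; the event ID 20227 is the standard RasClient "dialed a connection ... which has failed" event; everything else (the log window, output layout) is an assumption of this example.

```powershell
# Added example: client-side checks for a failing Windows built-in IKEv2 connection.
# Assumes the connection was created under the name used in the post ("WG IKEv2").
$ConnectionName = 'WG IKEv2'

# 1. Which authentication method is this IKEv2 profile using?
#    If it reports MSChapv2 (or an EAP method that wraps MS-CHAPv2), the Firebox
#    has to hand the credentials to a RADIUS/NPS server that can validate them;
#    a cloud-only Entra ID account cannot answer an MS-CHAPv2 challenge directly.
$vpn = Get-VpnConnection -Name $ConnectionName -ErrorAction SilentlyContinue
if (-not $vpn) {
    # Connections created for all users live in the AllUserConnection store.
    $vpn = Get-VpnConnection -Name $ConnectionName -AllUserConnection -ErrorAction SilentlyContinue
}
if ($vpn) {
    $vpn | Select-Object Name, TunnelType, AuthenticationMethod, EncryptionLevel, ServerAddress |
        Format-List
} else {
    Write-Warning "No VPN connection named '$ConnectionName' found in the user or all-user store."
}

# 2. Pull the RasClient failure events (ID 20227 is "The user ... dialed a connection
#    named ... which has failed") from the last 24 hours and decode the error code.
#    Event Viewer prints the HRESULT as a signed 32-bit decimal (e.g. -2143157998);
#    Microsoft's RAS/IKE error tables list the same value as an unsigned hex HRESULT.
$since = (Get-Date).AddDays(-1)   # assumption: one day is enough history for this check
$events = Get-WinEvent -FilterHashtable @{
    LogName      = 'Application'
    ProviderName = 'RasClient'
    Id           = 20227
    StartTime    = $since
} -ErrorAction SilentlyContinue

foreach ($e in $events) {
    # Extract the decimal code from the message text and map it to hex.
    if ($e.Message -match 'error code returned on failure is (-?\d+)') {
        $decimal = [int]$Matches[1]
        $hex     = '0x{0:X8}' -f ([uint32]::Parse(([int64]$decimal + 0x100000000) % 0x100000000))
        [pscustomobject]@{
            Time      = $e.TimeCreated
            Decimal   = $decimal
            HResult   = $hex
            Connection = ($e.Message -replace '(?s).*connection named (.*?) which.*', '$1')
        }
    }
}
```

Run it in an elevated PowerShell on the client that fails. The first block tells you whether the profile is on MS-CHAPv2 at all (the comment's explanation only applies if it is); the second gives you the HRESULT to look up rather than the signed decimal, and confirms whether the failure is being recorded before any IKE traffic reaches the Firebox, which is consistent with nothing showing up in WatchGuard Cloud or the Firebox traffic monitor.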