Cannot connect to IKEv2 VPN on Win 10 laptop

I set up my IKEv2 Mobile VPN and found a post on Spiceworks (https://community.spiceworks.com/topic/2142945-watchguard-ikev2-mobile-vpn-with-windows-10-failing) that stated that Win 10 cannot connect due to weak default settings. The post recommended running a PowerShell command to fix that issue, which I did (see below).

I use RADIUS with Duo Authentication for my 2FA, and whenever I try to connect, both from an internal computer and from my laptop at Starbucks, it gets to the point of me approving the IKEv2 VPN login in Duo, then comes back with a "Can't connect to Hill-T35 IKEv2 VPN" message. SSLVPN works fine with 2FA using Duo.

Set-VpnConnectionIPsecConfiguration -ConnectionName "Hill-T35 IKEv2 VPN" -AuthenticationTransformConstants SHA256128 -CipherTransformConstants AES256 -EncryptionMethod AES256 -IntegrityCheckMethod SHA256 -DHGroup Group14 -PfsGroup PFS2048 -PassThru

I cannot get this sucker to work!

Gregg Hill

Comments

  • Some more information: It DOES work if I use only a local Firebox-DB user, but it fails when using 2FA with RADIUS and Duo. As soon as I tap Duo on my phone to allow it, it pops up with the "Can't connect..." message.

    Gregg Hill

  • Update as of 4/27/20:

    Right now, Duo will not work with WatchGuard’s IKEv2 VPN for 2FA. WatchGuard has identified the issue and WatchGuard and Duo are working together to fix it.

    Gregg Hill
