
VPN Access from Android and phones

Hello

After recent logging, I found out that Sophos does not allow aggressive mode in any IPSec or L2TP mode.

This is even after I clone the policy (and modify it to aggressive) and then use the Wizard to create the connection.

 

I found that my Android Galaxy S8 (Android 9) will always send the IPSEC connection (whether I select IPSEC or L2TP) in aggressive mode.

There is no way an IKEv2 connection can be made with a road warrior connection (as the IP will change).

So, is there a way to allow a road warrior connection to the firewall?

No - I don't want to use any other type of VPN as it's throttled badly by my ISP.

 

Thank You



  • Hello Kayur

    The first link is not applicable any more (I think it was in 2019 when Sophos/strongSwan decided to remove aggressive mode from IPSEC).

    Android phones (my Samsung S8 at least) send aggressive mode in both L2TP as well as IKE Xauth. I am quite sure other Androids behave that way. So this link can be deprecated.

     

    SSL VPN is throttled by my ISP (we are in the Middle East) so not an option. (I think they use sophisticated techniques that detect the packets and try to insert pauses without breaking anything - this makes file transfer impossible and VoIP meaningless.)

    Is there no demand for IPSEC remote warriors? I find it hard to accept - IPSEC has been the mother of all VPNs, and just because strongSwan decided something, we remote warriors are all doomed?

    Regards

    Nitin

     

    PS - There is no way to edit IPSEC policy on any android phones without rooting.

  • Hi  

    I understand your concern. As an alternative, you can use SSL VPN and check with your ISP. We have Sophos Connect Client for Remote Access VPN, but it is supported to run on Microsoft Windows 7 with "Convenience rollup" (Service Pack 2) update and later, and Mac OS 10.12 and later.

    You may submit your idea to ideas.sophos.com regarding your requirement.

  • Hello

     

    For any future searches, I found the solution -

    a) For Androids, DO NOT use the IPSEC identifier. Leaving it blank vs inserting some value switches from main to aggressive mode. This info IS NOT "GOOGLABLE" and is make or break with ANY firewall which uses strongSwan (read 99%).

    b) You have to set the remote subnet to ANY.

     

    Thank you - It works.

  • Hi  

    Thank you for sharing the details, and we are glad that the issue got resolved.
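
To confirm from a packet capture which IKEv1 mode a phone actually sends (the main vs aggressive question discussed in this thread), the exchange-type byte of the first ISAKMP datagram can be read directly. This is an added example, not part of any post above and not Sophos or strongSwan code; `classify_ike` and `sample_packet` are hypothetical names, and the packets are constructed for illustration.

```python
import struct

# IKEv1 exchange types (RFC 2408 section 3.1, RFC 2409)
IKEV1_EXCHANGES = {2: "main", 4: "aggressive", 5: "informational", 32: "quick"}
ISAKMP_HDR = struct.Struct("!8s8sBBBBII")  # 28-byte fixed header

def classify_ike(udp_payload: bytes, dst_port: int = 500) -> dict:
    """Classify one IKE datagram from its raw UDP payload."""
    data = udp_payload
    if dst_port == 4500:
        # NAT-T: IKE on UDP/4500 is prefixed by a 4-byte all-zero non-ESP marker
        if data[:4] != b"\x00" * 4:
            raise ValueError("UDP/4500 payload is not IKE (ESP-in-UDP or keepalive)")
        data = data[4:]
    if len(data) < ISAKMP_HDR.size:
        raise ValueError("truncated ISAKMP header")
    _ispi, rspi, _next, version, exch, _flags, _msgid, length = \
        ISAKMP_HDR.unpack(data[:ISAKMP_HDR.size])
    if length < ISAKMP_HDR.size or length > len(data):
        raise ValueError("ISAKMP length field does not match datagram")
    major = version >> 4
    # Main/aggressive only exist in IKEv1; IKEv2 uses different exchanges
    mode = IKEV1_EXCHANGES.get(exch, f"unknown({exch})") if major == 1 else None
    return {
        "ike_version": major,
        "mode": mode,
        # An all-zero responder cookie marks the initiator's first message
        "first_message": rspi == b"\x00" * 8,
    }

def sample_packet(exch: int, version: int = 0x10, natt: bool = False) -> bytes:
    """Constructed test datagram: valid header, placeholder zero-filled body."""
    body = b"\x00" * 8
    hdr = ISAKMP_HDR.pack(b"\xaa" * 8, b"\x00" * 8, 1, version, exch, 0, 0,
                          ISAKMP_HDR.size + len(body))
    return (b"\x00" * 4 if natt else b"") + hdr + body

if __name__ == "__main__":
    for label, pkt, port in [
        ("identifier left blank", sample_packet(2), 500),
        ("identifier filled in", sample_packet(4), 500),
        ("aggressive over NAT-T", sample_packet(4, natt=True), 4500),
    ]:
        print(label, "->", classify_ike(pkt, port))
```

Feed it the UDP payload of the first packet the phone sends to UDP/500 or UDP/4500; a result of `aggressive` on a gateway that only accepts main mode explains the rejected negotiation.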