IPSec IKEv2

Advantages of IKEv2

Compared to IKEv1, IKEv2 (Internet Key Exchange version 2) provides a more robust and efficient VPN experience:

  • Enhanced Security: Supports modern encryption algorithms (AES-GCM) and is more resistant to Denial-of-Service (DoS) attacks.

  • Faster Connection: Requires fewer message exchanges to establish a secure tunnel, resulting in quicker connection times.

  • Native OS Compatibility: Fully supported by modern versions of Windows, macOS, iOS, and Android without requiring third-party software.

EnGenius Cloud Configuration

Step 1: Enable IKEv2 Settings

  1. Log in to EnGenius Cloud and navigate to Configure > Gateway > Client VPN.

  2. Toggle IPSec to On.

  3. Select IKEv2 as the protocol Type.

  4. Define the VPN Client Subnet and Authentication Type.

  5. Click Apply.

Step 2: Download the CA Certificate

  1. In the Certificate field, click Download.

  2. Save the IKEv2_CA.crt file. This certificate must be installed on all client devices to establish a trust relationship with the gateway.

Step 3: Client Device Configuration

Android Setup

Install Certificate: Transfer IKEv2_CA.crt to the device. Go to Settings > Security > Advanced > Encryption & credentials > Install from storage > CA certificate.

Add VPN:

  • Type: IKEv2/IPSec MSCHAPv2.

  • Server Address: Enter the Gateway Hostname.

  • IPSec Identifier: Enter your VPN Username (this field is mandatory on Android).

  • IPSec CA Certificate: Select the installed EnGenius CA.

Note

On Android, enter the VPN Username in the “IPSec identifier” field.

iOS Setup

  1. Install Profile: Open the .crt file and install the profile in Settings > Profile Downloaded.

  2. Trust Certificate: Go to Settings > General > About > Certificate Trust Settings and enable full trust for the EnGenius CA.

  3. Add VPN: Select IKEv2 type, enter the Server and Remote ID (Hostname), and use Username for authentication.

macOS Setup

  1. Trust Certificate: Open IKEv2_CA.crt in Keychain Access and set it to Always Trust.

  2. Network Settings: Create a new VPN interface with type IKEv2. Enter the Server Address and Remote ID. Use Username for authentication.

Note

The certificate must be configured as Always Trust.

Windows Setup

Install Certificate: Install the certificate to the Local Machine and place it in the Trusted Root Certification Authorities store.

VPN Connection: Go to VPN Settings > Add a VPN. Select IKEv2 as the VPN type and enter the server details.

Note

In this example, the Connection name is IKEv2_VPN.
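
The two Windows steps above can also be scripted, with a check of the downloaded file before it is added to the machine trust store. This PowerShell is an added example, not part of the original guide or EnGenius tooling; the file path, server hostname, pinned fingerprint and the use of EAP username/password authentication are assumptions to replace with your own values.

```powershell
# Added example. Run in an elevated PowerShell session on the Windows client.
# Assumed values (not from the original page); replace before running.
$CaPath         = "$env:USERPROFILE\Downloads\IKEv2_CA.crt"  # file saved in Step 2
$ServerName     = 'vpn-gateway.example.com'  # placeholder: Hostname/DDNS from the Cloud UI
$ExpectedSha256 = '<SHA-256 fingerprint recorded from a verified download>'  # placeholder

$cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 -ArgumentList $CaPath

# Compute the SHA-256 fingerprint over the DER encoding, for comparison across devices.
$sha256      = [System.Security.Cryptography.SHA256]::Create()
$fingerprint = [System.BitConverter]::ToString($sha256.ComputeHash($cert.RawData)) -replace '-', ''

Write-Host "Subject : $($cert.Subject)"
Write-Host "Valid   : $($cert.NotBefore) to $($cert.NotAfter)"
Write-Host "SHA-256 : $fingerprint"

# Refuse to trust a file that is not the certificate that was expected.
if ($fingerprint -ne ($ExpectedSha256 -replace '[:\s]', '').ToUpper()) {
    throw 'Fingerprint mismatch: not installing this certificate.'
}
$now = Get-Date
if ($now -lt $cert.NotBefore -or $now -gt $cert.NotAfter) {
    throw 'Certificate is outside its validity period.'
}
# basicConstraints (OID 2.5.29.19) should mark the certificate as a CA.
$bc = $cert.Extensions | Where-Object { $_.Oid.Value -eq '2.5.29.19' }
if (-not ($bc -and $bc.CertificateAuthority)) {
    Write-Warning 'Certificate does not carry the CA flag in basicConstraints.'
}

# Install into Local Machine > Trusted Root Certification Authorities.
Import-Certificate -FilePath $CaPath -CertStoreLocation Cert:\LocalMachine\Root | Out-Null

# Create the IKEv2 connection. EAP username/password authentication is an assumption
# based on the MSCHAPv2 type shown for Android; match the gateway's Authentication Type.
Add-VpnConnection -Name 'IKEv2_VPN' -ServerAddress $ServerName -TunnelType Ikev2 `
    -AuthenticationMethod Eap -EncryptionLevel Required

# Confirm the resulting connection settings.
Get-VpnConnection -Name 'IKEv2_VPN' |
    Select-Object Name, ServerAddress, TunnelType, AuthenticationMethod
```

Comparing the printed SHA-256 value on each client confirms that every device trusts the same certificate file.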

Must know

  • Ensure the Gateway firmware is 1.2.85 or above.

  • The Remote ID (iOS/macOS) and Server Address must match the Hostname/DDNS shown in the Cloud UI.
