Basic concepts IKEv2 EAP

Order now | Download | FAQ

Since version 1.2 PUQVPNCP supports VPN protocol IKEv2 implemented with strongSwan

IKEv2 is a protocol that allows you to create direct IPSec tunnels between a server and a client. IPSec provides encryption of network traffic in IKEv2 virtual private networks. IKEv2 is natively supported on a number of platforms (OS X 10.11+, iOS 9.1+, Windows 10) without additional applications and easily resolves client connectivity issues.

For the protocol to work correctly, it is necessary to configure certificates for encryption; using the panel, this process is easy and comes down to pressing literally two buttons.

It is worth remembering that the main VPN protocol in the panel is WireGuard, and the IKEv2 protocol is an additional protocol. This means that before using IKEv2, you must configure the WireGuard protocol, and then enable IKEv2 support on each WireGuard interface on which you want to use IKEv2.

IKEv2 protocol available to clients

Android (Official application from strongSwan)
iOS (integrated client)
macOS (integrated client)
Linux (network-manager-strongswan)
Windows (integrated client)

Due to the specifics of Microsoft's implementation of the client in Windows, there is a technical nuance that requires you to enter the password twice each time you connect.

Usage features IKEv2 EAP

To use the IKEv2 EAP protocol, the client must have the domain name of the VPN server, username and password for authorization, and there is a need to import the root certificate to authenticate the server certificate.
The IKEv2 EAP protocol uses IPSec encryption to encrypt traffic between the client and the server, this imposes a certain load on the server and we recommend taking this into account when choosing server parameters.
The data transfer rate in the case of rate limiting is lower than declared, due to the fact that all data packets are consistent with the headers that are required for IPsec encryption to work. This is especially noticeable at low limits of 1-10 megabits.
Due to the technical aspects of VPN client rate limiting, the data rate limit will be taken from the outgoing traffic parameter, this parameter in IKEv2 connections will be for incoming and outgoing traffic

System config

Firewall settings

DNS settings

License

Configuring Web Interface Redirection on PUQVPNCP Panel for Increased Security

puqvpncp.conf

Basic concepts WireGuard

Technical requirements and installation

Creating a WireGuard Configuration

Changing WireGuard Configuration

Diagnostic Information

Port Forwarding

Basic concepts IKEv2 EAP

Technical requirements and installation

Create a root certificate

Import the root certificate

Create a server certificate

Advanced settings

Enable IKEv2

Create VPN account

Editing VPN account

Diagnostic Information

WireGuard online users list

IKEv2 online users list

Basic concepts One-time link

Basic settings and customization

Active Links List

Config WireGuard section

Config IKEv2 section

Get One-time link

WireGuard Official clients

Android WireGuard client configuration

macOS WireGuard client configuration

Windows WireGuard client configuration

Linux WireGuard client configuration

Mikrotik WireGuard client configuration

iOS WireGuard client configuration

IKEv2 Official clients

Android IKEv2 client configuration

macOS IKEv2 client configuration

Windows IKEv2 client configuration

Linux IKEv2 client configuration

Mikrotik IKEv2 client configuration

iOS IKEv2 client configuration

Traffic Logging Config

rsyslog server settings for receiving logs

The concept of backups

Backup list

Automatic backup scheduler

How to recover password

API Access Hashs

System

WireGuard

Accounts

Firewall

License

DNS

System Config

IKEv2

Check online users

One-time link

Traffic Logging Config

Backups

Basic concepts IKEv2 EAP

Order now | Download | FAQ

IKEv2 protocol available to clients

Usage features IKEv2 EAP

No Comments