Closed jonatanhovgaard closed 3 years ago
Indeed, this is a known issue with Microsoft. For some reason, Windows ignores the cryptography settings when the NativeProtocolType is set to Automatic. :/
More details here: https://directaccess.richardhicks.com/2019/01/07/always-on-vpn-ikev2-connection-failure-error-code-800/
Thanks!
Thanks a lot for your reply and thanks for all the relevant info on AOVPN you provide to all of us via your website and github account. 😊
From: Richard M. Hicks notifications@github.com Sent: 26. januar 2021 00:16 To: richardhicks/aovpn aovpn@noreply.github.com Cc: Jonatan Kragh Hovgaard joa@netip.dk; Author author@noreply.github.com Subject: Re: [richardhicks/aovpn] CryptographySuite setting is not applied to the user tunnel (#10)
Indeed, this is a known issue with Microsoft. For some reason, Windows ignores the cryptography settings when the NativeProtocolType is set to Automatic. :/
More details here: https://directaccess.richardhicks.com/2019/01/07/always-on-vpn-ikev2-connection-failure-error-code-800/https://eur03.safelinks.protection.outlook.com/?url=https%3A%2F%2Fdirectaccess.richardhicks.com%2F2019%2F01%2F07%2Falways-on-vpn-ikev2-connection-failure-error-code-800%2F&data=04%7C01%7Cjoa%40netip.dk%7Cde9a44d3f1a746f30c8008d8c18744b6%7C13fa3b2cf73743488820f7a4c8b41cde%7C0%7C0%7C637472134010118889%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&sdata=QnReatAxkpsJzN4PM67ljeK%2FKsu%2Fz93jKw%2FnCxlfRFk%3D&reserved=0
Thanks!
— You are receiving this because you authored the thread. Reply to this email directly, view it on GitHubhttps://eur03.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgithub.com%2Frichardhicks%2Faovpn%2Fissues%2F10%23issuecomment-767174085&data=04%7C01%7Cjoa%40netip.dk%7Cde9a44d3f1a746f30c8008d8c18744b6%7C13fa3b2cf73743488820f7a4c8b41cde%7C0%7C0%7C637472134010128883%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&sdata=iFe5jXz76UED2H21EKFWp3xiDs4SY7fW%2FeeT9gdiN8Q%3D&reserved=0, or unsubscribehttps://eur03.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgithub.com%2Fnotifications%2Funsubscribe-auth%2FANLPTBXS6HZV47Q6HRREQ3DS3X3TVANCNFSM4WSNOE6A&data=04%7C01%7Cjoa%40netip.dk%7Cde9a44d3f1a746f30c8008d8c18744b6%7C13fa3b2cf73743488820f7a4c8b41cde%7C0%7C0%7C637472134010128883%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&sdata=yLb1XQApd6bTXWuvhOmg6QQjA%2BfXpzvMhrMEWFCKuDU%3D&reserved=0.
My pleasure! :)
When using "Automatic " the IKEv2 configuration is not applied to the "user tunnel". If NativeProtolType is set to IKEv2 the crypto settings will be applied succesfully. I have seen this in several installations. As your ProfileXML configuration works with both a "device tunnel" configuration and a "user tunnel" configured with IKEv2, I suspect this to be a Microsoft issue, but I just thought you should know.