<html>
<head>
<style><!--
.hmmessage P
{
margin:0px;
padding:0px
}
body.hmmessage
{
font-size: 12pt;
font-family:Calibri
}
--></style></head>
<body class='hmmessage'><div dir='ltr'>I am trying to configure an IKEv2 connection against an iPhone iOS 9 device. <div>I am able to get the VPN to come up. But I cannot get more than one client able to push traffic through the VPN to the internet if connected to the same wifi network (i.e.: same public IP).</div><div>Both have valid VPN connections.</div><div><br></div><div>I have a very similar setup to my ikev1 configuration, but it would assign individual IPs as traffic selectors, versus ikev2 seems to put the whole subnet from ipsec statusall per connection</div><div><br></div><div>i.e.:</div><div>ikev1: <span style="color: rgb(98, 249, 0); font-family: 'Andale Mono'; font-size: 12px; background-color: rgb(0, 0, 0);">0.0.0.0/0 === 10.252.0.2/32</span></div><div>ikev2: <span style="color: rgb(98, 249, 0); font-family: 'Andale Mono'; font-size: 12px; background-color: rgb(0, 0, 0);">0.0.0.0/0 === 10.252.0.0/16</span></div><div><br></div><div>Below is my conn entry:</div><div><br></div><div><p style="font-size: 12px; line-height: normal; font-family: 'Andale Mono'; color: rgb(98, 249, 0); background-color: rgb(0, 0, 0);">conn iphone-ios8-ikev2</p>
<p style="font-size: 12px; line-height: normal; font-family: 'Andale Mono'; color: rgb(98, 249, 0); background-color: rgb(0, 0, 0);"> ike=aes256-sha1-modp1024,aes128-sha1-modp1024,3des-sha1-modp1024! # Win7 is aes256, sha-1, modp1024; iOS is aes256, sha-256, modp1024; OS X is 3DES, sha-1, modp1024</p>
<p style="font-size: 12px; line-height: normal; font-family: 'Andale Mono'; color: rgb(98, 249, 0); background-color: rgb(0, 0, 0);"> esp=aes256-sha256,aes256-sha1,3des-sha1! # Win 7 is aes256-sha1, iOS is aes256-sha256, OS X is 3des-sha1</p>
<p style="font-size: 12px; line-height: normal; font-family: 'Andale Mono'; color: rgb(98, 249, 0); background-color: rgb(0, 0, 0);"> keyexchange=ikev2</p>
<p style="font-size: 12px; line-height: normal; font-family: 'Andale Mono'; color: rgb(98, 249, 0); background-color: rgb(0, 0, 0);"> rightauth=pubkey</p>
<p style="font-size: 12px; line-height: normal; font-family: 'Andale Mono'; color: rgb(98, 249, 0); background-color: rgb(0, 0, 0);"> left=%defaultroute</p>
<p style="font-size: 12px; line-height: normal; font-family: 'Andale Mono'; color: rgb(98, 249, 0); background-color: rgb(0, 0, 0);"> #leftsourceip=%config</p>
<p style="font-size: 12px; line-height: normal; font-family: 'Andale Mono'; color: rgb(98, 249, 0); background-color: rgb(0, 0, 0);"> leftid=@*.domain.com</p>
<p style="font-size: 12px; line-height: normal; font-family: 'Andale Mono'; color: rgb(98, 249, 0); background-color: rgb(0, 0, 0);"> leftsubnet=0.0.0.0/0</p>
<p style="font-size: 12px; line-height: normal; font-family: 'Andale Mono'; color: rgb(98, 249, 0); background-color: rgb(0, 0, 0);"> leftfirewall=no</p>
<p style="font-size: 12px; line-height: normal; font-family: 'Andale Mono'; color: rgb(98, 249, 0); background-color: rgb(0, 0, 0);"> leftcert=validCert.pem</p>
<p style="font-size: 12px; line-height: normal; font-family: 'Andale Mono'; color: rgb(98, 249, 0); background-color: rgb(0, 0, 0);"> leftsendcert=always</p>
<p style="font-size: 12px; line-height: normal; font-family: 'Andale Mono'; color: rgb(98, 249, 0); background-color: rgb(0, 0, 0);"> right=%any</p>
<p style="font-size: 12px; line-height: normal; font-family: 'Andale Mono'; color: rgb(98, 249, 0); background-color: rgb(0, 0, 0);"> rightsubnet=10.252.0.0/16</p>
<p style="font-size: 12px; line-height: normal; font-family: 'Andale Mono'; color: rgb(98, 249, 0); background-color: rgb(0, 0, 0);"> #rightsourceip=%config</p>
<p style="font-size: 12px; line-height: normal; font-family: 'Andale Mono'; color: rgb(98, 249, 0); background-color: rgb(0, 0, 0);"> rightsourceip=10.252.0.0/16</p>
<p style="font-size: 12px; line-height: normal; font-family: 'Andale Mono'; color: rgb(98, 249, 0); background-color: rgb(0, 0, 0);"> type=transport</p>
<p style="font-size: 12px; line-height: normal; font-family: 'Andale Mono'; color: rgb(98, 249, 0); background-color: rgb(0, 0, 0);"> #rightsendcert=always</p>
<p style="font-size: 12px; line-height: normal; font-family: 'Andale Mono'; color: rgb(98, 249, 0); background-color: rgb(0, 0, 0);"> eap_identity=%any</p>
<p style="font-size: 12px; line-height: normal; font-family: 'Andale Mono'; color: rgb(98, 249, 0); background-color: rgb(0, 0, 0);"> forceencaps=yes</p>
<p style="font-size: 12px; line-height: normal; font-family: 'Andale Mono'; color: rgb(98, 249, 0); background-color: rgb(0, 0, 0);"> fragmentation=yes</p>
<p style="font-size: 12px; line-height: normal; font-family: 'Andale Mono'; color: rgb(98, 249, 0); background-color: rgb(0, 0, 0);"> auto=add</p>
<p style="font-size: 12px; line-height: normal; font-family: 'Andale Mono'; color: rgb(98, 249, 0); background-color: rgb(0, 0, 0); min-height: 14px;"><br></p><div><br></div>Below is the output of ipsec statusall:</div><div><p style="font-size: 12px; line-height: normal; font-family: 'Andale Mono'; color: rgb(98, 249, 0); background-color: rgb(0, 0, 0);">iphone-ios8-ikev2-singlecert[2]: ESTABLISHED 3 minutes ago, 107.170.72.232[domain.com]...96.45.197.22[0B0F98DB052278DC4665135C7EC97A4E31991A74]</p>
<p style="font-size: 12px; line-height: normal; font-family: 'Andale Mono'; color: rgb(98, 249, 0); background-color: rgb(0, 0, 0);">iphone-ios8-ikev2-singlecert[2]: IKEv2 SPIs: 52ff6b0aaa621567_i b852c16ab1f05f10_r*, public key reauthentication in 51 minutes</p>
<p style="font-size: 12px; line-height: normal; font-family: 'Andale Mono'; color: rgb(98, 249, 0); background-color: rgb(0, 0, 0);">iphone-ios8-ikev2-singlecert[2]: IKE proposal: 3DES_CBC/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024</p>
<p style="font-size: 12px; line-height: normal; font-family: 'Andale Mono'; color: rgb(98, 249, 0); background-color: rgb(0, 0, 0);">iphone-ios8-ikev2-singlecert{2}: INSTALLED, TUNNEL, reqid 1, ESP in UDP SPIs: caa83fc0_i 09edb239_o</p>
<p style="font-size: 12px; line-height: normal; font-family: 'Andale Mono'; color: rgb(98, 249, 0); background-color: rgb(0, 0, 0);">iphone-ios8-ikev2-singlecert{2}: 3DES_CBC/HMAC_SHA1_96, 60104 bytes_i (384 pkts, 51s ago), 92776 bytes_o (312 pkts, 54s ago), rekeying in 11 minutes</p>
<p style="font-size: 12px; line-height: normal; font-family: 'Andale Mono'; color: rgb(98, 249, 0); background-color: rgb(0, 0, 0);">iphone-ios8-ikev2-singlecert{2}: 0.0.0.0/0 === 10.252.0.0/16 </p>
<p style="font-size: 12px; line-height: normal; font-family: 'Andale Mono'; color: rgb(98, 249, 0); background-color: rgb(0, 0, 0);">iphone-ios8-ikev2-singlecert[1]: ESTABLISHED 3 minutes ago, 107.170.72.232[domain.com]...96.45.197.22[93C7AACB6BEDE86EB4FDBDC35C520C15205B9714]</p>
<p style="font-size: 12px; line-height: normal; font-family: 'Andale Mono'; color: rgb(98, 249, 0); background-color: rgb(0, 0, 0);">iphone-ios8-ikev2-singlecert[1]: IKEv2 SPIs: 62497d4b160b041e_i 819b74662f867de9_r*, public key reauthentication in 50 minutes</p>
<p style="font-size: 12px; line-height: normal; font-family: 'Andale Mono'; color: rgb(98, 249, 0); background-color: rgb(0, 0, 0);">iphone-ios8-ikev2-singlecert[1]: IKE proposal: 3DES_CBC/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024</p>
<p style="font-size: 12px; line-height: normal; font-family: 'Andale Mono'; color: rgb(98, 249, 0); background-color: rgb(0, 0, 0);">iphone-ios8-ikev2-singlecert{1}: INSTALLED, TUNNEL, reqid 1, ESP in UDP SPIs: c6c41add_i 0af27f57_o</p>
<p style="font-size: 12px; line-height: normal; font-family: 'Andale Mono'; color: rgb(98, 249, 0); background-color: rgb(0, 0, 0);">iphone-ios8-ikev2-singlecert{1}: 3DES_CBC/HMAC_SHA1_96, 8870 bytes_i (74 pkts, 51s ago), 11537 bytes_o (46 pkts, 54s ago), rekeying in 11 minutes</p>
<p style="font-size: 12px; line-height: normal; font-family: 'Andale Mono'; color: rgb(98, 249, 0); background-color: rgb(0, 0, 0);">iphone-ios8-ikev2-singlecert{1}: 0.0.0.0/0 === 10.252.0.0/16 </p><br><br>Any help would be appreciated.</div><div><br></div><div>Thanks,</div><div>Josh<br><br><hr style="width:100%;height:2px;"><br><br><br>Joshua J. Gross<br></div> </div></body>
</html>