Description:

This article describes how the Advanced VPN Client is used to establish an IKEv2 connection to a LANCOM router with an IPv6 address.


Requirements:


Scenario:

Establish the IKEv2 connection via an IPv6 gateway and communicate via IPv4:


Establish the IKEv2 connection via an IPv6 gateway and communicate via IPv6:



Procedure:

Establish the IKEv2 connection via an IPv6 gateway and communicate via IPv4:

Set up the IKEv2 connection using the setup wizard Provide remote access (RAS, VPN) and import the profile file into the Advanced VPN Client.



Establish the IKEv2 connection via an IPv6 gateway and communicate via IPv6:

1) Set up the IKEv2 connection on the LANCOM router:

1.1) Set up the VPN connection using the setup wizard:

1.1.1) Open the setup wizard for the router, select the option Provide remote access (RAS, VPN) and click Next.

1.1.2) Make sure that IKEv2 is selected and click Next.

1.1.3) Click Next.

1.1.4) Make sure that the option LANCOM Advanced VPN Client for Windows is selected and deactivate the option Speed up your configuration with 1-Click-VPN. Then click on Next.

1.1.5) Activate the option IPSec-over-HTTPS enabled so that in the event of communication problems via IPsec, the fallback option IPSec-over-HTTPS can be used instead. Then click on Next.

Do not activate this option if the TCP port 443 (HTTPS) is already being used (e.g. for port forwarding), as this will prevent IPsec-over-HTTPS from working.

1.1.6) Enter a descriptive name for the VPN connection and then click on Next.

1.1.7) Leave the field Address of this router empty. The connection in the Advanced VPN Client is created via the setup wizard, so no profile file is required. Then click on Next.

1.1.8) Modify the following parameters and click Next:

1.1.9) Leave the entry at the default value 0.0.0.0. Since the IKE Config mode is used, there is no need to enter a fixed IP address here. Then click on Next.

1.1.10) Create a new IP address pool if none is available already. Otherwise, select an available pool. Then click on Next.

The IP addresses specified in the address pool are reserved for VPN dial-in connections and are no longer available for assignment by the DHCP server integrated in the router. Be certain that there are enough IP addresses available for the DHCP server to use.

Although the IPv4 address pool is not required for IPv6 communication (see step 1.2.5), the setup wizard asks for it so it has to be created.

1.1.11) Leave the setting as the option Allow all IP addresses to be reachable for the VPN client and click on Next.

1.1.12) Click on Finish to write the configuration back to the router.


1.2) Manual configuration steps in the router:

1.2.1) Open the configuration of the router in LANconfig and navigate to VPN → IKEv2/IPsec → IPv6 addresses.

1.2.2) Create a new entry and modify the following parameters:

Please note that IPv6 is based on a hexadecimal system and not a decimal system. This example has 25 addresses available for VPN dial-in.

1.2.3) Navigate to the menu VPN → IKEv2/IPsec → Connection list.

1.2.4) Mark the VPN connection created in step 1.1 and click on Edit.

1.2.5) Modify the following parameters:

1.2.6) This concludes the configuration of the VPN connection on the router. Write the configuration back to the router.



2) Set up the IKEv2 connection in the Advanced VPN Client:

2.1) Set up the VPN connection using the setup wizard:

2.1.1) Start the Advanced VPN Client and navigate to the menu Configuration → Profiles.

2.1.2) Click on Add/Import to create a new VPN connection.

2.1.3) Leave the setting for the option Link to Corporate Network Using IPsec unchanged and click on Next.

2.1.4) Enter a descriptive profile name and then click on Next.

2.1.5) In the drop-down menu, select the Communication Media used and click on Next.

If changing connection media are used, the option automatic media detection must be selected.

2.1.6) Enter the IPv6 address or the corresponding DNS address of the router as the Gateway and click on Next.

2.1.7) Modify the following parameters and click on Next:

2.1.8) Modify the following parameters and click on Next:

2.1.9) In the drop-down menu for IP Address Assignment, select the option IKE Config Mode and click on Next.

2.1.10) Click on Finish to close the setup wizard.

When communicating via IPv6, no entry may be made under split tunneling!


2.2) Manual configuration steps in the Advanced VPN Client:

2.2.1) Mark the profile created in step 2.1 and click on Edit.

2.2.2) Switch to the tab IPSec General Settings and, in the drop-down menu for Tunnel IP Version, select the option IPv6.

2.2.3) This concludes the configuration of the VPN connection. Confirm the change by clicking on OK.