Question IKEv2/IPsec VPN Server ?

[vesp3r]

Hi everyone,
i recently bought a new android phone and i ran into an issue regarding my vpn connections

I have a vpn server set on my router (ASUS RT-N12+) and used my old android phone to connect to the vpn and access my network. Hoowever the router supports only PPTP VPN... and my new android phone supports only IKEv2 VPNs

I tried setting up OpenVPN on one of the computers so i can connect to that but the config gave me a headache. Tried also SoftEther but turned out it doesnt support IKEv2 (or maybe i couldnt set it correctly) and i still couldnt connect through my phone
Any ideas how to deal with this?

 

[KingLoki]

What make & model are the phones?

Does the old and/or new phone have root access giving you full admin access or is it locked?

 

[KingLoki]

Did you try the openvpn setup from the asus website?

[VPN] How to set up a VPN server on ASUS router – IPSec VPN | Official Support | ASUS Global

 

[vesp3r]

What make & model are the phones?

Does the old and/or new phone have root access giving you full admin access or is it locked?

Old phone Samsung Galaxy A70 (android 11)
New Phone Samsung Galaxy S24 Ultra (android 14)

Did you try the openvpn setup from the asus website?

[VPN] How to set up a VPN server on ASUS router – IPSec VPN | Official Support | ASUS Global

The only thing i tried with openVPN was to set it up on my PC and failed misarably as i couldnt really understand the settings file etc.... Seriously why cant they make it be like "enter protocol to use, enter user name, enter password" QQ
Also on my router i see only a slider to enable or disable PPTP VPN

 

[KingLoki]

They do if you use an android installed vpn app. It can be confusing with all the settings and file configurations for lots of users.

 

[bill001g]

Like many things companies think they need to protect people from themselves. They constantly update their software under the guise of making it more secure but keep adding more and more unwanted features that end up have worse bugs.

PPTP has long been known to be not very secure. Could be they removed the support from the newer version of the OS. There should be vpn apps that support it....assuming they have not banned it from their app store. Then you have to start going to the trouble of loading it directly bypassing all the warnings that translate into "don't load this because we do not get paid our 30%"

Now "not secure" is very subjective. Most actual hacking is to steal money. If you were a large company then it would be worth the hackers efforts to break PPTP encryption. It is not just click a box and you magically get in. It still takes quite a bit of time and effort. Hacking home user does not get them much maybe access to someone local porn collection

In the longer run I would look for a newer router. There is a small chance you can load third party firmware on your router that supports newer forms of VPN. Hard to say router like the one you have there are many versions that have the same name but the internal chips are different. Some support third party firmware and other do not.

You might consider one of the newer but still old asus routers that support merlin firmware. Even the asus factory firmware has very good vpn support lately. Modern vpn like wireguad and openvpn are much simpler to setup and they tend to not be blocked by firewalls and other software.

 

[lantis3]

Most people who wants to access their home network in early days have to deal with pptp/ ipsec / openvpn and it's hard to setup.

Nowadays, you can use ZeroTier or Tailscale instead. There are many tutorials on YT. Both are open source.

Just go to ZeroTier or Tailscale websites. Both sites let you create account and download/install their software on any platform (Windows, Mac, Linux, Android) you use. They will assign virtual private ip address to each device you run the software.

After you create and join the vpn, and authorize the devices, all devices look like they are on the same local network, you just use device name or new assigned virtual ip to access each other.

Neither one requires port forwarding or public IP, you don't need to change any configuration on the router.

 

[vesp3r]

Thanks guys, I will look into it and try out some of these alternatives
Getting a new router is a whole new challenge here as even if i google exactly what i need - the stores here tend to not specify if the router supports a vpn and what type

 

[bill001g]

Best to not trust the stores at best they copy and paste data from the manufacture site.

I would first find a router that you might like and then go to the manufactures site and read the features.

Although expensive asus routers uses the software base on all their routers...at least they did s couple years ago. I can't say all their routers support vpn but a very large number do.

You can also look at tplink. Tplink is a much cheaper brand and a large number of their routers support vpn.
You should find support for openvpn on most modern routers that support vpn. Many also support wireguard it is a little less cpu intensive than openvpn but just as secure.