[HarpingOn]

Wasted many hours on this last night, is there a solution?

( tl ; dr - the modern metro VPN settings page on Windows 10 produces bogus client configurations that don't work )

So, I'm trying to set up VPN to my home server, so I can access my LAN resources whilst out, and so that I can securely use public WiFi.

I'm using OpenWRT and StrongSwan to create an ipsec IKEv2 VPN server.

I've downloaded and installed the certificates on to my Windows 10 Mobile, (950XL on Insider Preview).

Using the built-in VPN provider in Windows 10 Mobile, I can't connect to the VPN though, I get various errors relating to IKE authentication problem, and the server logs also show problems around eap-mschapv2

I used the StrongSwan client on Android, it connected right away. This told me my server set up was correct, and it was likely a client issue.

here's the killer though, I tried to set up the VPN on my desktop Windows 10 as well, as it was easier to keep re typing all those details. What I found was this:

The 'modern' (universal? metro?) settings page for VPN just doesn't work for me at all on desktop Windows 10. Nor it seems, on Windows 10 Mobile. I can create a connection there, but it never works. I'm using username/password IKEv2 authentication via eap-mschapv2.

Thing is, on Desktop Windows 10, I can use the control panel, and set up the same VPN details and credentials using the traditional control panel networking tools and ... it works. I don't know if to be happy or sad about that. Happy that after several hours of pain, I figured out what the problem was, and that it wasn't in the end anything to do with my VPN server setup. Sad that I wasted so much time.

So the question is, can I set up an IKEv2 VPN on Windows 10 Mobile using method other than the modern metro VPN app? Because that screen just produces a bogus client configuration. Can I do it the 'control panel' way on Windows 10 Mobile?

If not, what's the solution?

[HarpingOn]

I changed my VPN server to work on certificates only.

This hasn't helped.

If I create the VPN with the Control Panel, I can connect. No userid or password, just with the certs.

If I create the VPN with the "Network & Internet" modern interface, then it won't connect, giving:

VPN type
IKEv2

Type of sign-in info
Certificate

Save

Connect :
"A certificate could not be found that can be used with this Extensible Authentication Protocol"

But, using the control panel to create the VPN:

IKEv2, Use Machine Certificates... Connected.

Still have to connect the VPN with the modern UI, but that works, if the connection is created with Control Panel.

So, same question really. Is there any way I can replicate the set up via Control Panel when using Windows 10 Mobile ?

Running 10586 on desktop and mobile.

[eehsun]

Not directly pertinent to your issue but for what it's worth, I faced issues with TorGuard VPN IKEv2 connection on Windows 10 Mobile, where although I'd installed their certificate and configured the settings properly, I kept getting the error "The context has expired and can no longer be used" in addition to the occasional Error 812. The support told me only that this was a generic error and that it "could be many things".

[Corwin_Amber1]

Same for me using W10m preview, 950XL, build 10586.107 (was last week ;)).
I was unable to build a VPN connection. Tried for hours. I am doing this for a life, so I think I am quite versed in it. All debugging to no avail...

[JC_Yang]

Hi, I know this thread is dated. But I hope this can somehow help you to learn our situation.

https://technet.microsoft.com/en-us/...=vs.85%29.aspx
this Technet document suggest we should use a MDM system to deploy the configuration of a certificate authenticated VPN profile to Windows 10 and Mobile devices, this is probably the only option.
In a nutshell, the VPN configure UI of Windows 10 is broken in this way.
And I've tried start a thread in the technet forum, no response after several days.
https://social.technet.microsoft.com...n10itpromobile

FYI, I've successfully setup IKEv2 servers with certificate authentication for iOS/android/Windows devices long time ago. When work with WP8.1, it's great.
AFAIK, the only way to make it work in a native Windows 10 Mobile device is using a MDM system which support Win10 and its VPN configuration.
If you have a WP8.1 capable device, rollback to WP8.1, configure the VPN there, then upgrade to Windows 10, your VPN configure will be kept.
Good luck

[JC_Yang]

Microsoft may think only corporation/company/gov use VPN, they think everyone use VPN should have a MDM system at hand. F**k them for the fool UI design.