Ikev2Only

Sep 16, 2010 at 6:37 PM

Hi,

I'm trying to generate  IKEv2 VPN entries in the phonebook, so I started out the example included with the SDK:

  • Unchanged example: runs fine.
  • Changed the DotRas reference to the Win7 binary (to include the Ikev2Only strategy): runs fine.
  • Changed GetDeviceByName to look for an IKEv2 device: runs fine.
  • Changed RasVpnStrategy from Default to Ikev2Only: fails.

Other strategies, including SstpOnly work fine, but as soon as I switch to Ikev2Only I get an exception when adding the phonebook entry.

The exact error is: ArgumentException was unhandled: 'entry' must have the PhoneNumber, DeviceType, DeviceName, FramingProtocol, and EntryType properties set as a minimum. Parameter name: entry

I'm guessing that with other strategies all these values are set to a default, but for Ikev2 it's not? Any ideas?

Thanks.

Coordinator
Sep 17, 2010 at 3:15 AM

At first I thought it was something as simple as the RasDevice.GetDeviceByName call not returning the IKEv2 device as expected but after some further investigation it seems the exception is thrown from the call to RasSetEntryProperties. I checked the SDK, and there isn't anything noted for any other required data when using the IkeV2Only VPN strategy. I also confirmed the enum value matches what the SDK defined, so that's not the problem either. Even calling Update on the entry once that strategy has been set after the entry already exists in the phonebook causes the exception. I can only imagine something else on RasEntry is required for the IkeV2Only strategy to work. I have confirmed the IkeV2First VPN strategy works as expected.

I'll check with Microsoft on their forums and see what I can find out as to why this VPN strategy does not work, or what else is required for it to function. I'll make a work item here to track resolution.

For now, I'd suggest using IkeV2First VPN strategy.

Coordinator
Sep 17, 2010 at 3:16 AM
This discussion has been copied to a work item. Click here to go to the work item and continue the discussion.
Coordinator
Sep 17, 2010 at 4:25 AM

Found the problem, took a bit of effort to compare the connection with one created by Windows - there were a few options set differently between the standard VPN strategies and the IKEv2 standard connection.

entry.Options.RequireDataEncryption = true;
entry.Options.RequireEap = true;
entry.Options.RequireEncryptedPassword = false;

With the above flags set, the strategy will work as intended. I'm changing the code for both IkeV2First and IkeV2Only strategies to keep them consistent in the CreateVpnEntry method. You can either get latest once I've finished updating the unit tests and do a build for yourself, or you can just set the properties on your own.

- Jeff

 

Sep 17, 2010 at 5:32 AM

Impressed with your fast and thorough response! 

I'll use the work-around for now and set the options explicitly. Thanks a lot!

 

Coordinator
Sep 17, 2010 at 2:14 PM
Edited Sep 17, 2010 at 2:14 PM

What can I say, I aim to please. Happy coding!