How to Renew an IKEv2 Certificate in Nebula

When the IKEv2 IPSec Client VPN certificate expires, remote VPN users will no longer be able to establish IKEv2 VPN connections. To restore connectivity, generate a new certificate and redeploy the VPN configuration to clients.

Turn the Remote VPN Server off and on: In the Nebula Control Center (NCC), navigate to the settings for your Remote VPN Server (usually under Firewall or Security Router). Disable the server, then re-enable it. This action triggers the automatic generation of a new certificate.

Download New VPN Script: Once the new certificate is generated, download the updated VPN configuration script from NCC. This script will contain the new certificate information. You can typically find this option under the IPSec VPN server settings, where you can download a ZIP file containing the certificate (.crt) and script (.bat) files.

Install on VPN Clients: Distribute and install the newly downloaded VPN script on all your VPN client devices. This ensures they are using the current certificate for secure IKEv2 connections.
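Before distributing the package, an administrator can confirm that the .crt in the extracted ZIP really is the renewed certificate. The PowerShell function below is an added example, not part of the original article or of the NCC-generated script; the function name Test-VpnCertificate, the folder path and the 30-day threshold are assumptions chosen for illustration.

```powershell
# Added example: inspect the .crt from the extracted NCC ZIP before rollout.
# Function name, folder path and the 30-day threshold are illustrative assumptions.
function Test-VpnCertificate {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)][string]$Folder,  # folder the ZIP was extracted to
        [int]$MinDaysLeft = 30                  # flag certificates with less validity left
    )

    # The page states the ZIP contains a certificate (.crt) and a script (.bat).
    $crtFiles = @(Get-ChildItem -Path $Folder -Filter *.crt -File -Recurse)
    if ($crtFiles.Count -eq 0) {
        throw "No .crt file found under $Folder"
    }

    $now = Get-Date
    foreach ($file in $crtFiles) {
        # X509Certificate2 loads both PEM- and DER-encoded certificate files.
        $cert = [System.Security.Cryptography.X509Certificates.X509Certificate2]::new($file.FullName)
        $daysLeft = [math]::Floor(($cert.NotAfter - $now).TotalDays)

        # NotBefore/NotAfter are returned in local time, matching Get-Date.
        $status = 'OK'
        if ($now -lt $cert.NotBefore)        { $status = 'NotYetValid' }
        elseif ($now -gt $cert.NotAfter)     { $status = 'Expired' }
        elseif ($daysLeft -lt $MinDaysLeft)  { $status = 'ExpiringSoon' }

        [pscustomobject]@{
            File       = $file.Name
            Subject    = $cert.Subject
            NotBefore  = $cert.NotBefore
            NotAfter   = $cert.NotAfter
            DaysLeft   = $daysLeft
            Thumbprint = $cert.Thumbprint   # SHA-1 thumbprint of the certificate
            Status     = $status
        }
    }
}

# Example call (placeholder path, adjust to where the ZIP was extracted):
# Test-VpnCertificate -Folder 'C:\Temp\vpn-package' | Format-List
```

A Status of Expired on a freshly downloaded package suggests the ZIP still carries the old certificate and should be downloaded again after the server has been re-enabled. Recording the Thumbprint gives a value to compare against when checking which certificate a client ended up with.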

When configuring IKEv2 VPN settings, note that the VPN configuration script download option is available only while your Nebula Device is online. The default authentication type for iOS/macOS clients is Certificate, but you can change it to Username if needed.


Note: After all required steps have been completed, reboot the firewall to ensure the new certificate and VPN configuration are applied correctly.


 
