IKev2 VPN Event ID 20209 - Server Authentication

Question

I have made only one certificate for VPN access with ikev2. Within 2 days i got event id 20209, even though I didn't tried to connect. The certificate is still with me and no one else has access to it. But event viewer states that

A connection between the VPN server and the VPN client 92.63.194.91 has been established, but the VPN connection cannot be completed. The most common cause for this is that a firewall or router between the VPN server and the VPN client is not configured to allow Generic Routing Encapsulation (GRE) packets (protocol 47).

This IP has been flagged for VPN BruteForce attempts at many sites. I just want to know how did the manage to connect without certificate?

score 0 · Answer 1 · answered Mar 29 '20 at 06:49

The list of RRAS event IDs ends on 20208, but according to Netsurion EventTracker, 20209:

This event is logged when a connection between the VPN server and the VPN client has been established but the VPN connection cannot be completed.

This is not an event of a successful VPN connection, but a failed connection attempt. It could be the lack of the correct client certificate or a different connection type altogether. This is not something you should worry about. Notice that a connection must be established to negotiate the VPN tunnel even if it fails: it doesn't refer to a successful VPN connection.

IKev2 VPN Event ID 20209 - Server Authentication

1 Answers1