IPsec VPN not working on new iPad mini 7 / iPadOS 18.1

 just received a new iPad mini (A17 Pro). It updated out-of-box to iPadOS 18.1. Then I restored it from an iCloud backup of my trade-in iPad mini (5th gen), which was also running 18.1 at the time of its immediate prior backup.

IPsec VPN on the new device is failing to negotiate a connection.

The old iPad mini, and an iPad Pro, and an iPhone 12, all running 18.1, connect successfully to the same VPN server, using, near as I can tell and to the best of my ability, all the same settings.

Settings from failing iPadOS device and working iOS device (with destination host and VPN Account obscured; screenshot removed the dots from Password and Secret, but they are there and, near as I can make them, the same underneath):

Here are logs, complete for the failing iPad, partial for the success iPad, from the server. Note that the failing iPad does resolve to the same IP Address, so that is not a problem. But its first packet to the server is 108 bytes for the failing iPad and it’s all downhill from there, vs the iPad that works, which starts out sending 848 bytes. Logs from failing iPadOS and working iOS device, server address masked:

Oct 30 08:00:29 08[NET] received packet: from 192.168.1.145[500] to zzz.zzz.zzz.zzz[500] (108 bytes)

Oct 30 08:00:29 08[ENC] invalid ID_V1 payload length, decryption failed?

Oct 30 08:00:29 08[ENC] could not decrypt payloads

Oct 30 08:00:29 08[IKE] message parsing failed

Oct 30 08:00:29 08[ENC] generating INFORMATIONAL_V1 request 309529726 [ HASH N(PLD_MAL) ]

Oct 30 08:00:29 08[NET] sending packet: from zzz.zzz.zzz.zzz[500] to 192.168.1.145[500] (76 bytes)

Oct 30 08:00:29 08[IKE] ID_PROT request with message ID 0 processing failed

Oct 30 08:00:37 07[JOB] deleting half open IKE_SA with 192.168.1.145 after timeout

Oct 30 08:02:10 05[NET] received packet: from 192.168.1.34[500] to zzz.zzz.zzz.zzz[500] (848 bytes)

Oct 30 08:02:10 05[ENC] parsed ID_PROT request 0 [ SA V V V V V V V V V V V V V V ]

Oct 30 08:02:10 05[IKE] received NAT-T (RFC 3947) vendor ID

Oct 30 08:02:10 05[IKE] received draft-ietf-ipsec-nat-t-ike vendor ID

Oct 30 08:02:10 05[IKE] received draft-ietf-ipsec-nat-t-ike-08 vendor ID

Oct 30 08:02:10 05[IKE] received draft-ietf-ipsec-nat-t-ike-07 vendor ID

Oct 30 08:02:10 05[IKE] received draft-ietf-ipsec-nat-t-ike-06 vendor ID

Oct 30 08:02:10 05[IKE] received draft-ietf-ipsec-nat-t-ike-05 vendor ID

Oct 30 08:02:10 05[IKE] received draft-ietf-ipsec-nat-t-ike-04 vendor ID

Oct 30 08:02:10 05[IKE] received draft-ietf-ipsec-nat-t-ike-03 vendor ID

Oct 30 08:02:10 05[IKE] received draft-ietf-ipsec-nat-t-ike-02 vendor ID

Oct 30 08:02:10 05[IKE] received draft-ietf-ipsec-nat-t-ike-02\n vendor ID

Oct 30 08:02:10 05[IKE] received XAuth vendor ID

Oct 30 08:02:10 05[IKE] received Cisco Unity vendor ID

Oct 30 08:02:10 05[IKE] received FRAGMENTATION vendor ID

Oct 30 08:02:10 05[IKE] received DPD vendor ID

Oct 30 08:02:10 05[IKE] 192.168.1.34 is initiating a Main Mode IKE_SA

…

It’s been many moons since I setup the older iDevices; there may well be some key obscure step or dependency I’m forgetting. FWIW, I did read the tutorial from the router manufacturer for setting up an IPsec client on an iDevice and it didn’t suggest anything I hadn’t already checked. I also deleted the restored connection, which originally resorted without the shared secret and account password, and created a new VPN connection from scratch. No Joy. Rebooted the iPad. No Joy. I'm only having one other issue with the new iPad besides the usual friction of getting apps logged in and so forth. Everything else has been in the noise and easily sorted.

Any suggestions?!? Many thanks in advance…