Description:
This document describes the configuration steps necessary to set up an IKEv1 VPN connection between a LANCOM router and the Apple VPN client in MacOS X as of version 10.11 El Capitan.
Note

In 2019 the IETF (Internet Engineering Task Force) designated IKEv1 as deprecated and insecure, and it should therefore no longer be used. LANCOM Systems recommends using the current standard IKEv2 instead.

The IKEv1 functionality in LANCOM devices remains intact and can still be used for scenarios where devices without IKEv2 support are used. However, LANCOM Systems will not provide any support for troubleshooting connection problems with IKEv1 connections. There also won't be any bug fixes or new features for IKEv1.

In rare cases a disconnect can occur during rekeying. In such a case it can be useful to increase the lifetimes, so that the disconnects occur less often.

Info

The configuration of an IKEv2 connection between the built-in VPN client in macOS and a LANCOM router is described in this Knowledge Base article.



Requirements:
  • VPN client in MacOS X as of version 10.11 El Capitan
  • LCOS as of version 9 (download)



Procedure:
1) Configuration steps on the router
1.1) In the Setup Wizard, select the option Provide remote access (RAS, VPN) and click on Next.
1.2) In the next dialog, select VPN client with user-defined parameters as the option for remote VPN client. Continue the configuration by clicking on Next.
1.3) In the next dialog, enter a name for the VPN connection (e.g. APPLE_VPN).
Tip:

You will need the name you enter here later when you come to set up the VPN connection in the VPN client (it is used as Account name). It is therefore advisable to note down the name of the VPN connection.


1.4) In the following dialog, first select the Preshared Key and Aggressive Mode option.
1.5) Then enter any combination of characters you wish in the Preshared Key field. After entering your character combination, a second window will open for you to repeat the input.
Tip:

You will need the character combination you enter as the Preshared key here at a later point when you come to set up the VPN connection in the VPN client (it is used as Shared Secret). It is therefore advisable to note down the character combination of the preshared key.


1.6) In the following dialog, check that IKE group 2 is set. If this is not the case, select the option to edit the default IKE parameters and, in the next dialog, set this to IKE group 2.
1.7) In the following dialog window, select the entry Key ID (group name) for each of the items Local identity type and Remote identity type.
1.8) Enter an identity in each of the fields Local identity and Remote identity (here: apple_vpn).
Tip:

You will need the names you enter here for Local identity and Remote identity later when you come to set up the VPN connection in the VPN client (they are used as Group name). It is therefore advisable to note down the names you use for Local identity and Remote identity.


1.9) In the next dialog window you must deactivate the option Use the PFS algorithm for this connection, as this is not supported by the VPN client. Then click on Next to continue.
1.10) In this dialog, make sure that all of the encryption algorithms are selected.
1.11) In this dialog, keep the default parameters.
1.12) In the subsequent dialog, use the IP address field to enter the local IP address that is to be assigned to the VPN client when the VPN connection is established. Click on Next.
1.13) In the next dialog you can choose to restrict access for the VPN client to specific networks. In this example we have allowed the VPN client to reach all IP addresses.
1.14) Click on Next and, in the final dialog, confirm the end of the Setup Wizard by clicking on the Finish button.
1.15) The settings you made will now be transferred to the router’s configuration. After the settings have been successfully transferred to the router, right-click on the router and select the option Configure from the context menu.
1.16) Select VPN -> IKE/IPSec -> General -> Connection list.
1.17) In the connection list, mark the VPN connection with the name APPLE_VPN and click on the Edit... button.
1.18) In the Edit Entry window, change the value of the XAUTH field to the Server option.
1.19) Click on the OK button to accept the changed setting and to close the dialog window.
1.20) Select Communication -> Protocols -> PPP list.
1.21) Click on the Add option and, in the dialog that follows, use the Remote site option to select the remote site you configured in configuration step 1.3 (here: APPLE_VPN).
1.22) You do not need to enter anything in the User name field.
1.23) Enter a password of your choice in the Password field.
Tip:

You will need the password you enter here later when you come to set up the VPN connection in the VPN client (it is used as Password). It is therefore advisable to note down this password.

1.24) Click on the OK button to accept the changed setting and to close the dialog window.

1.25) In the configuration dialog, click on the OK button to finish manual configuration and to transfer the changed settings to the router. The configuration of the LANCOM VPN gateway is now complete.



2) Configuring the VPN client in MacOS X as of version 10.11 El Capitan

2.1) In the Network configuration dialog window, click on the + button (marked red in the figure below) and select the option VPN (Cisco IPSec).


2.2) Enter the following in the fields Server Address, Account Name and Password:

  • Server address: Enter the public IP address or the DynDNS address where the LANCOM router can be reached.
  • Account name: Enter the name that you assigned to the VPN connection in step 1.3 of the LANCOM configuration (in this example it is apple_vpn).
  • Password: Enter the password that you assigned in step 1.24 of the LANCOM configuration.
2.3) Click the Authentication settings... button.
2.4) In the Machine Authentication dialog, select the Shared Secret option and, in the input field, enter the character combination that you assigned in step 1.5 of the LANCOM configuration.
2.5) In the Group Name field enter the name that you assigned as the Local identity and the Remote identity in step 1.8 of the LANCOM configuration (in this example it is apple_vpn).
2.6) Click on the OK button to accept your settings.
2.7) If you wish, you can click on the option Advanced... in the Network configuration dialog and assign additional DNS servers for the VPN tunnel.
2.8) Click on the OK button to accept the data and return to the Network configuration dialog.
2.9) If you wish to have a better view of the status of the VPN connection you should activate the option Show VPN status in menu bar.
2.10) Click on the Connect button to establish the VPN connection.
2.11) The VPN client has now been successfully configured.
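
The client settings from steps 2.1 to 2.5 can also be delivered as a macOS configuration profile instead of being typed in by hand. The following is an added example, not part of the original LANCOM article: the payload key names come from Apple's VPN configuration-profile format rather than from this page, and the server name, payload identifiers and secrets are constructed sample values.

```python
import os
import plistlib
import uuid


def build_vpn_profile(server, account_name, password, shared_secret, group_name):
    """Return .mobileconfig bytes for the macOS "VPN (Cisco IPSec)" client."""
    values = {"server": server, "account_name": account_name, "password": password,
              "shared_secret": shared_secret, "group_name": group_name}
    # A blank or space-padded value will not match what was entered on the router.
    bad = [name for name, v in values.items() if not v or v != v.strip()]
    if bad:
        raise ValueError("empty or whitespace-padded: " + ", ".join(bad))
    vpn = {
        "PayloadType": "com.apple.vpn.managed",
        "PayloadIdentifier": "com.example.vpn.lancom",  # constructed identifier
        "PayloadUUID": str(uuid.uuid4()).upper(),
        "PayloadVersion": 1,
        "UserDefinedName": "LANCOM VPN",
        "VPNType": "IPSec",                                 # "VPN (Cisco IPSec)", step 2.1
        "IPSec": {
            "RemoteAddress": server,                        # Server address, step 2.2
            "XAuthEnabled": 1,                              # router: XAUTH = Server, step 1.18
            "XAuthName": account_name,                      # Account name, step 2.2
            "XAuthPassword": password,                      # Password, step 2.2
            "AuthenticationMethod": "SharedSecret",         # step 2.4
            "SharedSecret": shared_secret.encode("utf-8"),  # stored as <data>
            "LocalIdentifierType": "KeyID",                 # Key ID (group name), step 1.7
            "LocalIdentifier": group_name,                  # Group Name, step 2.5
        },
    }
    profile = {
        "PayloadType": "Configuration",
        "PayloadIdentifier": "com.example.vpn.lancom.profile",  # constructed identifier
        "PayloadUUID": str(uuid.uuid4()).upper(),
        "PayloadVersion": 1,
        "PayloadDisplayName": "LANCOM VPN",
        "PayloadContent": [vpn],
    }
    return plistlib.dumps(profile)


if __name__ == "__main__":
    # Constructed sample values; replace them with the ones noted down on the router.
    data = build_vpn_profile("vpn.example.com", "APPLE_VPN", "example-xauth-password",
                             "example-preshared-key", "apple_vpn")
    # The profile holds both secrets in clear text, so create it owner-readable only.
    fd = os.open("lancom-vpn.mobileconfig", os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)
    with os.fdopen(fd, "wb") as f:
        f.write(data)
```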