Description:
This document describes how to set up an IKEv2 VPN connection between a LANCOM router and the Apple iPhone or iPad client.


Requirements:
  • LCOS version 9.24 or later
  • LANtools version 9.24 or later
  • iOS version 8 or later


Procedure:
1) Configuring the LANCOM router:
1.1) Start the Setup Wizard in LANconfig.
1.2) Select the item Provide remote access (RAS, VPN).
1.3) In the next dialog, select the option IKEv2.
1.4) Select the LANCOM Advanced VPN Client for Windows as the VPN client and deactivate the option Speed up configuration with 1-Click-VPN.
1.5) Enter a name for the VPN connection (e.g. VPN_IPHONE).
1.6) Enter the public IP address or public DNS address of the LANCOM router.
1.7) Assign any fully qualified username in the form of an e-mail address and specify a pre-shared key.
1.8) Leave the default address "0.0.0.0" in the IP address field and click Next.
1.9) If you have not yet set up an IP address pool for VPN client access in your configuration, please do so in this dialog.
  • Enter the IP addresses and assign an IP address for the name server to be used (in this case the LANCOM router).
1.10) The following item optionally allows you to limit the access of the Apple device VPN client to certain networks.
1.11) Deactivate the option to Store profile as LANCOM Advanced VPN Client import file.
1.12) This completes the initial configuration with the Wizard. Close the final dialog window by clicking on Finish.
1.13) Open the configuration of the LANCOM router and change to the menu VPN → IKEv2/IPSec → Encryption.
Copy the existing DEFAULT profile.
1.14) Enter a new name for the entry and deactivate PFS (Perfect Forward Secrecy).
1.15) Open the connection profile for the VPN connection in the menu VPN → IKEv2/IPSec → Connection list.
1.16) For encryption, select the encryption profile created in step 1.13.
1.17) Write the configuration back to the LANCOM router.


2) Configuration of the Apple iPhone or iPad:

2.1) Under the VPN setting, select the item VPN and click VPN configuration.

  • Give the connection a unique description; in our example we have taken LANCOM.
  • As Server enter the public IP address or the DNS name of the LANCOM router. The LANCOM router must be accessible via the Internet at this address.
2.2) The next step is to enter the Fully Qualified Username, which was entered into the LANCOM earlier as local identity and remote identity; in our example, this is vpn@lancom.de.
2.3) The final item in the configuration is to enter the Shared secret, which was specified in the LANCOM as the pre-shared key.
2.4) Save the configuration with Done.
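
The settings from section 2 can also be delivered as an iOS configuration profile (.mobileconfig) instead of being typed in on each device. The following Python script is an added example, not part of the original LANCOM document, and goes beyond the manual steps by generating such a profile with PFS switched off to match step 1.14. The server name and pre-shared key are placeholders, using the same value for local and remote identifier is an assumption based on step 2.2, and the IKE/ESP proposals are left at the iOS defaults, which must be checked against the router's encryption profile.

```python
import os
import plistlib
import uuid


def build_ikev2_profile(server, identity, psk, name="LANCOM"):
    """Return .mobileconfig bytes (XML plist) for an IKEv2 connection with PSK auth."""
    if not psk:
        raise ValueError("pre-shared key must not be empty")
    if "@" not in identity:
        raise ValueError("identity must be a fully qualified username (e-mail form)")
    vpn_payload = {
        "PayloadType": "com.apple.vpn.managed",
        "PayloadVersion": 1,
        "PayloadIdentifier": "example.lancom.ikev2.vpn",  # constructed identifier
        "PayloadUUID": str(uuid.uuid4()).upper(),
        "PayloadDisplayName": name,
        "UserDefinedName": name,            # description shown on the device
        "VPNType": "IKEv2",
        "IKEv2": {
            "RemoteAddress": server,        # public IP or DNS name of the router
            "LocalIdentifier": identity,    # assumption: same identity on both sides
            "RemoteIdentifier": identity,
            "AuthenticationMethod": "SharedSecret",
            "SharedSecret": psk,            # stored in clear text inside the profile
            "EnablePFS": False,             # router profile has PFS deactivated
        },
    }
    profile = {
        "PayloadType": "Configuration",
        "PayloadVersion": 1,
        "PayloadIdentifier": "example.lancom.ikev2",      # constructed identifier
        "PayloadUUID": str(uuid.uuid4()).upper(),
        "PayloadDisplayName": name + " IKEv2 VPN",
        "PayloadContent": [vpn_payload],
    }
    return plistlib.dumps(profile)


if __name__ == "__main__":
    # Placeholder values; the identity is the example used on this page.
    data = build_ikev2_profile("vpn.example.com", "vpn@lancom.de", "REPLACE-WITH-PSK")
    # The file contains the PSK, so create it readable by the owner only.
    fd = os.open("vpn_iphone.mobileconfig",
                 os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)
    with os.fdopen(fd, "wb") as fh:
        fh.write(data)
```

Because the profile carries the pre-shared key in clear text, distribute it only over a channel you trust and delete the file afterwards.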