Always-On IPSec VPN with IKEv2 and Apple Configurator

In order to leverage IKEv2 within your Apple Configurator environment two areas need to be modified.  

First, the root certificate from the Untangle needs to be added under the Certificates option in the Apple Configurator. The Untangle root certificate can be downloaded under Config > Administration > the Certificates tab.

Second, the VPN needs to be configured under the VPN option in the Apple Configurator. The following fields need to be filled out:

  • Connection Name - This is a reference name for administrators to quickly identify this VPN
  • Connection Type - IKEv2
  • Always-on VPN (supervised only) - ticked
  • Server - The hostname or IP address of the Untangle
  • Remote Identifier - Normally the same as the Server field, hostname or IP of the Untangle
  • Local Identifier - Can be left blank and the Apple devices IP address will be used
  • Machine Authentication - Certificate
  • Enable EAP - ticked
  • EAP Authentication - Username/Password
  • Account - Username configured under Local Directory on the Untangle
  • Password - Password for the above user


Here is a screen shot of the VPN page in Apple Configurator:

Was this article helpful?
0 out of 0 found this helpful
Have more questions? Submit a request



Please sign in to leave a comment.

  • Avatar
    Nezar Swaileh

    MiniConfig is an old configuration module, how we can do that with the new Mac-IOS version "Sierra" ?

  • Avatar
    Collen Knickerbocker

    There are numerous MDM solutions on the market for Apple products. The fields should be similar on each for IPSec deployments. I would find the corresponding fields we mention in this article on whatever software you wish to use and plug in the values described.

Powered by Zendesk