Always-On IPSec VPN with IKEv2 and Apple Configurator

In order to leverage IKEv2 within your Apple Configurator environment two areas need to be modified.  


First the root certificate from the Untangle needs to be added under the Certificates option in the Apple Configurator.  The Untangle root certificate can be found under Config --> Administration --> Certificates tab.  


Second the VPN needs to be configured under the VPN option in the Apple Configurator.  The following fields need to be filled out.


Connection Name - This is a reference name for administrators to quickly identify this VPN

Connection Type - IKEv2

Always-on VPN (supervised only) - ticked

Server - The hostname or IP address of the Untangle

Remote Identifier - Normally the same as the Server field, hostname or IP of the Untangle

Local Identifier - Can be left blank and the Apple devices IP address will be used

Machine Authentication - Certificate

Enable EAP - ticked

EAP Authentication - Username/Password

Account - Username configured under Local Directory on the Untangle

Password - Password for the above user


Here is a screen shot of the VPN page in Apple Configurator

Was this article helpful?
0 out of 0 found this helpful
Have more questions? Submit a request


  • Avatar
    Nezar Swaileh

    MiniConfig is an old configuration module, how we can do that with the new Mac-IOS version "Sierra" ?

  • Avatar
    Collen Knickerbocker

    There are numerous MDM solutions on the market for Apple products. The fields should be similar on each for IPSec deployments. I would find the corresponding fields we mention in this article on whatever software you wish to use and plug in the values described.

Powered by Zendesk