You can connect macOS devices to Untangle NG Firewall using IPsec VPN. This type of connection can use either L2TP or IKEv2. Both connection types use full tunnel so that all Internet traffic routes through the VPN tunnel.
Before you can set up IPsec tunnels from macOS, you must properly configure the following items:
- A fully qualified hostname that resolves to the Internet IP address of your Untangle NG Firewall.
- A root SSL certificate and server certificate to match your fully qualified Internet hostname.
- Add users either via the Directory Connector app or in the local directory.
You can find instructions for each of these items in a separate KB article - Configuring an IKEv2 IPsec connection from iOS to Untangle NG Firewall.
Step 1. Install the certificate in macOS
Note: If you use a signed SSL certificate from a trusted certificate authority, this step is not necessary.
To install the certificate on the macOS device:
- Open a browser on the macOS device and navigate to http://your_firewall_host/cert
- The browser downloads the certificate file. Locate this file in your downloads folder.
- Open the file to add the certificate to your keychain.
- Open the Keychain utility.
- Search for the new certificate by your server's hostname.
- Double click the certificate and choose Always Trust.
Step 2. Configure the VPN connection
- On the macOS device go to System Preferences > Network.
- Click the add icon to create a new connection.
- Choose VPN.
- Select IKEv2 as the VPN Type and assign a Service Name to your connection.
- Click Create.
- In the Server and Remote ID, enter the fully qualified hostname of your NG Firewall.
- The Local ID remains empty.
- Click Authentication Settings..., and choose Username and enter the credentials of a user in the local directory or Directory Connector app.
- Click Ok, then Apply.