Configuring an IKEv2 IPsec connection from iOS to Untangle NG Firewall

Overview

You can connect iOS devices to Untangle NG Firewall using IPsec VPN. This type of connection can use either L2TP or IKEv2. Both connection types use full tunnel so that all Internet traffic routes through the VPN tunnel.

Step 1. Configure an SSL certificate for IPsec

IPsec uses SSL certificates for authenticity and encryption. Therefore it is necessary that the hostname on the certificate resolves to the IP address of NG Firewall.

  1. In the NG Firewall web administration, go to Config > Network > Hostname.
  2. Configure the fully qualified hostname that resolves to your firewall's Internet IP address.
    ipsec-hostname.png
  3. Next, go to Config > Administration > Certificates.
    ipsec-generate-ca.png
  4. Generate a new Certificate Authority that matches your fully qualified hostname.
  5. Next, generate a new server certificate with the same fully qualified hostname.
    ipsec-generate-cert.png
  6. Enable the checkbox under IPSEC to ensure that the IPsec server uses the new certificate.
  7. Click Save.

Step 2. Create a user

Client VPN connections using IPsec require a user account for authentication. Each VPN client must therefore have a corresponding user account. You can create users in the local directory or using the Directory Connector app.

Step 3. Install the certificate in iOS

Note: If you use a signed SSL certificate from a trusted certificate authority, this step is not necessary.

To install the certificate on the iOS device:

  1. Open a browser on the iOS device and navigate to http://your_firewall_host/cert
  2. When prompted about the profile, choose allow.
    ipsec-allow-profile.png
  3. Open the Settings app and tap the new profile at the top of the menu.
  4. Tap install.
    ikev2-profile-installed.png
  5. Once the profile installs, click Done.

Step 4. Configure the VPN connection

  1. On the iOS device, go to Settings > General > VPN.
  2. Click Add VPN Configuration.
    ikev2-add-conn.png
  3. Choose IKEv2.
  4. Give a description to your VPN connection.
  5. In the Server and Remote ID, enter the fully qualified hostname of your NG Firewall.
  6. The Local ID remains empty.
  7. For Authentication, choose Username and enter the credentials of a user in the local directory or Directory Connector app.
    ikev2-conn-setup.png
  8. Click Done
Follow
Was this article helpful?
0 out of 0 found this helpful
Have more questions? Submit a request

Comments

0 comments

Please sign in to leave a comment.

Powered by Zendesk