userdoc:tt_ipsec_vpn_apple_ios

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revision Previous revision
Next revision 		Previous revision
userdoc:tt_ipsec_vpn_apple_ios [2012/09/14 16:01]
abelbeck 		userdoc:tt_ipsec_vpn_apple_ios [2013/02/19 22:52] (current)
abelbeck
Line 1: Line 1:
-====== IPsec VPN for iOS, OS X & Windows ======+====== IPsec VPN Configuration ======
  
 The popular Apple iOS platform has limited VPN options, one of which is IPsec (Cisco) which uses IPsec + XAuth. \\ The popular Apple iOS platform has limited VPN options, one of which is IPsec (Cisco) which uses IPsec + XAuth. \\
Line 16: Line 16:
 The AstLinux Web Interface is used for configuration, click on **IPsec Configuration**\\ The AstLinux Web Interface is used for configuration, click on **IPsec Configuration**\\
  
-Network tab -> VPN Type: {{:userdoc:ipsec-xauth-ipsecmobile.png?nolink|IPsec Mobile}}+Network tab -> VPN Type:\\ 
 +{{:userdoc:ipsec-xauth-ipsecmobile.png?nolink|IPsec Mobile}}
  
 The following IPsec Mobile Server Configuration (below) must be specified.  The only unique option is the //Server Cert DNS Name:// setting.  This must be the DNS name of the server, such as ''vpn.mydomain.com'' .  Wildcards may be used for iOS devices, such as ''*.mydomain.com'' or ''vpn.*.mydomain.com'' This defines the ''subjectAltName'' object in the CA certificate. The following IPsec Mobile Server Configuration (below) must be specified.  The only unique option is the //Server Cert DNS Name:// setting.  This must be the DNS name of the server, such as ''vpn.mydomain.com'' .  Wildcards may be used for iOS devices, such as ''*.mydomain.com'' or ''vpn.*.mydomain.com'' This defines the ''subjectAltName'' object in the CA certificate.
Line 96: Line 97:
 ===== Apple OS X Client Configuration ===== ===== Apple OS X Client Configuration =====
  
-After the IPsec server is configured and certificates generated, the final step is to install the CA and Peer certificates on your OS X notebook or desktop computer.+After the IPsec server is configured and certificates generated (above), the final step is to install the CA and Peer certificates on your OS X notebook or desktop computer.
  
 From the IPsec Mobile Server Configuration tab, download the credentials for the desired peer, mb13 for this example. From the IPsec Mobile Server Configuration tab, download the credentials for the desired peer, mb13 for this example.
Line 176: Line 177:
   C:\Documents and Settings\Administrator\My Documents\Shrew Soft VPN\certs   C:\Documents and Settings\Administrator\My Documents\Shrew Soft VPN\certs
  
-It is suggested to copy the CA cert (''ca.crt''), client cert (''mb13.crt''), and client unencrypted private key (''mb13.key'') for the client cert, to that location. Select these files using the "Authentication | Credentials" tab.+It is suggested to copy the CA cert (''ca.crt''), client cert (''mb13.crt''), and unencrypted client private key (''mb13.key'') for the client cert, to that location. Select these files using the "Authentication | Credentials" tab.
  
 Technically, the Shrew Soft VPN Client supports encrypted client certificate ''.p12'' containers, but you need to enter the container password every time (a real pain), so it makes more sense to use the unencrypted key with this product. Technically, the Shrew Soft VPN Client supports encrypted client certificate ''.p12'' containers, but you need to enter the container password every time (a real pain), so it makes more sense to use the unencrypted key with this product.
  
-To enable split tunneling, add the networks found on the LAN side of your Astlinux box to the list on the "Policy" tab (192.168.102.0/24 in this example).+To enable split tunneling, add the networks found on the LAN side of your Astlinux box to the list on the "Policy" tab (''192.168.102.0/24'' in this example).
  
 {{:userdoc:ipsec-xauth-shrew-soft-config1.jpg?nolink|Shrew Soft Configuration}} {{:userdoc:ipsec-xauth-shrew-soft-config1.jpg?nolink|Shrew Soft Configuration}}
  • userdoc/tt_ipsec_vpn_apple_ios.1347656505.txt.gz
  • Last modified: 2012/09/14 16:01
  • by abelbeck