12,274
edits
This is the support site for Andrews & Arnold Ltd, a UK Internet provider. Information on these pages is generally for our customers but may be useful to others, enjoy!
mNo edit summary |
|||
(3 intermediate revisions by the same user not shown) | |||
It is possible to connect an modern Apple Mac with OSX to a FireBrick over IPSEC with IKEv2 and EAP.
=OSX versions 10.11 El Capitan, and newer=▼
==Certificates==▼
*If you have El Capitan newer, then the built in VPN connection settings should just work. ▼
*If you're not using Let's Encrypt then you will still need to install the Certificate as
*You can skip the StrongSwan parts below and just use the Network Settings to add a VPN IKEv2 connection.▼
===Create the VPN Connection===▼
[[File:Osx-firebrick-ipsec-config.png|thumb|Settings screen]]▼
#Go to Apple Menu - System Preferences▼
#Go to Network▼
#Click the + Icon on the bottom/left, and choose:▼
#*Interface: VPN▼
#*VPN Type: IKEv2▼
#*Service Name: e.g. 'FireBrick' or 'Office'▼
#On the next window fill in the information:▼
#*Server Address: Hostname or IP of your FireBrick. e.g.: server.example.com▼
#*Remote ID: The 'FQDN' of the Firebrick as created when you created the Certificate (Usually the full hostname of the FireBrick). e.g.: server.example.com▼
#*Local ID - leave empty▼
#In the Authentication Settings:▼
#*Username: your EAP Username as set on the FireBrick, e.g. fred▼
#*Password: your EAP Password as set on the FireBrick▼
#May as well tick 'Show VPN status in menu bar' as you'll then be able to connect etc. from the menu in your top bar▼
'''The details below are only useful of you have a very old mac or need to install the certificate if you're not using Lets Encrypt.'''
▲==Non-Lets Encrypt Certificates==
=== Getting the CA from the FireBrick ===
'''(This is not needed if you are using Let's Encrypt, which is strongly recommended)'''
Note: this guide doesn't go into actual configuration of the FireBrick to be an endpoint, merely how to connect your Mac client to it. Therefore, it is assumed the certificate already exists on the FireBrick. It may also be that this is emailed to you by whoever maintains your FireBrick, in which case skip this step.
FireBrick-IPsec-OSX-ImportCert.png|Import Items Menu
</gallery>
▲=OSX versions 10.11 El Capitan, and newer=
▲*If you have El Capitan newer, then the built in VPN connection settings should just work.
▲*If you're not using Let's Encrypt then you will still need to install the Certificate as above.
▲*You can skip the StrongSwan parts below and just use the Network Settings to add a VPN IKEv2 connection.
▲===Create the VPN Connection===
▲[[File:Osx-firebrick-ipsec-config.png|thumb|Settings screen]]
▲#Go to Apple Menu - System Preferences
▲#Go to Network
▲#Click the + Icon on the bottom/left, and choose:
▲#*Interface: VPN
▲#*VPN Type: IKEv2
▲#*Service Name: e.g. 'FireBrick' or 'Office'
▲#On the next window fill in the information:
▲#*Server Address: Hostname or IP of your FireBrick. e.g.: server.example.com
▲#*Remote ID: The 'FQDN' of the Firebrick as created when you created the Certificate (Usually the full hostname of the FireBrick). e.g.: server.example.com
▲#*Local ID - leave empty
▲#In the Authentication Settings:
▲#*Username: your EAP Username as set on the FireBrick, e.g. fred
▲#*Password: your EAP Password as set on the FireBrick
▲#May as well tick 'Show VPN status in menu bar' as you'll then be able to connect etc. from the menu in your top bar
=OSX version 10.10,'Yosemite' and earlier (Legacy information)=
|
edits