Jump to content

This is the support site for Andrews & Arnold Ltd, a UK Internet provider. Information on these pages is generally for our customers but may be useful to others, enjoy!

FireBrick Road Warrior OSX: Difference between revisions

← Older edit
Content deleted Content added
AA-Andrew (talk | contribs)
autoreview, Bureaucrats, editor, Interface administrators, reviewer, Administrators
12,616 edits
AA-Andrew (talk | contribs)
autoreview, Bureaucrats, editor, Interface administrators, reviewer, Administrators
12,616 edits
 
(11 intermediate revisions by the same user not shown)
Line 2: Line 2:




It is possible to connect an modern Apple Mac with OSX to a FireBrick over IPSEC with IKEv2 and EAP.
It is possible to connect an Apple Mac with OSX to a FireBrick over IPSEC with IKEv2 and EAP. Regrettably the IPSEC facilities within OSX before version 'El Capitan' are not fully enough featured to achieve this alone, so some additional VPN client software can be installed called StrongSwan. Details below describe how to install the CA certificate from the FireBrick to your Apple computer and then how to set up the VPN connection either by using El Capitan's built in VPN settings or by using StronSwan.


=OSX versions 10.11 El Capitan, and newer=
== Getting the CA from the FireBrick ==
*If you have El Capitan newer, then the built in VPN connection settings should just work.
*If you're not using Let's Encrypt then you will still need to install the Certificate as below.
*You can skip the StrongSwan parts below and just use the Network Settings to add a VPN IKEv2 connection.


===Create the VPN Connection===
'''(This is not needed if you are using Let's Encrypt)'''
[[File:Osx-firebrick-ipsec-config.png|thumb|Settings screen]]

#Go to Apple Menu - System Preferences
#Go to Network
#Click the + Icon on the bottom/left, and choose:
#*Interface: VPN
#*VPN Type: IKEv2
#*Service Name: e.g. 'FireBrick' or 'Office'
#On the next window fill in the information:
#*Server Address: Hostname or IP of your FireBrick. e.g.: server.example.com
#*Remote ID: The 'FQDN' of the Firebrick as created when you created the Certificate (Usually the full hostname of the FireBrick). e.g.: server.example.com
#*Local ID - leave empty
#In the Authentication Settings:
#*Username: your EAP Username as set on the FireBrick, e.g. fred
#*Password: your EAP Password as set on the FireBrick
#May as well tick 'Show VPN status in menu bar' as you'll then be able to connect etc. from the menu in your top bar



'''The details below are only useful of you have a very old mac or need to install the certificate if you're not using Lets Encrypt.'''

==Non-Lets Encrypt Certificates==

=== Getting the CA from the FireBrick ===

'''(This is not needed if you are using Let's Encrypt, which is strongly recommended)'''


Note: this guide doesn't go into actual configuration of the FireBrick to be an endpoint, merely how to connect your Mac client to it. Therefore, it is assumed the certificate already exists on the FireBrick. It may also be that this is emailed to you by whoever maintains your FireBrick, in which case skip this step.
Note: this guide doesn't go into actual configuration of the FireBrick to be an endpoint, merely how to connect your Mac client to it. Therefore, it is assumed the certificate already exists on the FireBrick. It may also be that this is emailed to you by whoever maintains your FireBrick, in which case skip this step.
Line 16: Line 45:
#At the right hand end of the row corresponding the certificate you wish to download, click on the PEM link.
#At the right hand end of the row corresponding the certificate you wish to download, click on the PEM link.


== Installing the CA certificate into OSX ==
=== Installing the CA certificate into OSX ===
'''(This is not needed if you are using Let's Encrypt)'''
'''(This is not needed if you are using Let's Encrypt)'''


Line 31: Line 60:
</gallery>
</gallery>


=OSX version 10.10,'Yosemite' and earlier (Legacy information)=
=OSX versions 10.11 El Capitan, 10.12 Sierra and above=
If you have El Capitan or Sierra then the built in VPN connection settings should just work. If you're not using Let's Encrypt then you will still need to install the Certificate as above, but you can skip the StrongSwan parts below and just use the Network Settings to add a VPN IKEv2 connection.

==Create the VPN Connection==
#Go to Apple Menu - System Preferences
#Go to Network
#Click the + Icon on the bottom/left, and choose:
#*Interface: VPN
#*VPN Type: IKEv2
#*Service Name: e.g. 'FireBrick' or 'Office'
#On the next window fill in the information:
#*Server Address: Hostname or IP of your FireBrick. e.g.: server.example.com
#*Remote ID: The 'FQDN' of the Firebrick as created when you created the Certificate (Usually the full hostname of the FireBrick). e.g.: server.example.com
#*Local ID - leave empty
#In the Authentication Settings:
#*Username: your EAP Username as set on the FireBrick, e.g. fred
#*Password: your EAP Password as set on the FireBrick
#May as well tick 'Show VPN status in menu bar' as you'll then be able to connect etc. from the menu in your top bar

=OSX version 10.10,'Yosemite' and earlier=
For versions 10.10 and earlier you'll need to use the StronSwan program. You will still need to install the CA certificate as above.
For versions 10.10 and earlier you'll need to use the StronSwan program. You will still need to install the CA certificate as above.


== Downloading & installing the StrongSwan Native Client ==
=== Downloading & installing the StrongSwan Native Client ===

'''Usually on OSX, you can simply use the built in VPN settings as above.'''


Visit [http://download.strongswan.org/osx/ the download site] and download the latest binary. At the time of writing the latest version was '''strongswan-5.3.2-1.app.zip'''. Allow the machine to unarchive it; usually by selecting the "Open with Archive Utility" option. This will deposit the StrongSwan.app into your downloads directory. Drag the app from the downloads directory into your Applications folder. This completes installation of the StrongSwan Client.
Visit [http://download.strongswan.org/osx/ the download site] and download the latest binary. At the time of writing the latest version was '''strongswan-5.3.2-1.app.zip'''. Allow the machine to unarchive it; usually by selecting the "Open with Archive Utility" option. This will deposit the StrongSwan.app into your downloads directory. Drag the app from the downloads directory into your Applications folder. This completes installation of the StrongSwan Client.
Line 60: Line 72:
StrongSwanOSXscreenshot.png|strongSwan OSX
StrongSwanOSXscreenshot.png|strongSwan OSX
</gallery>
</gallery>

==Configure strongSwan==
===Configure strongSwan===
Run strong swan by either:
Run strong swan by either:
#Go to Applications and click on the strongSwan icon
#Go to Applications and click on the strongSwan icon
Line 80: Line 93:
</gallery>
</gallery>


==Connect!==
===Connect!===
#Click on the <del>Dalek</del> StrongSwan icon once more,
#Click on the <del>Dalek</del> StrongSwan icon once more,
#Click your connection name then connect.
#Click your connection name then connect.
Retrieved from "http://support.aa.net.uk/FireBrick_Road_Warrior_OSX"