MultiCom Technical Support
Supporting MultiCom Routers, Firewalls and VPN
 

How do I use the IPSec client of MacOSX?

 
Support



Joined: 09 Oct 2002
Posts: 175
Location: Lausanne, Switzerland

Posted: Fri Mar 10, 06 14:30    Post subject: How do I use the IPSec client of MacOSX?

Configuring the MacOSX 10.2-10.4 IPSec client to connect to a secured network requires a detailed configuration. Fortunately there is a free program called IPSecuritas, available at http://www.lobotomo.com/, that makes it extremely simple to build the IPSec policy. Simply follow the instructions at the site, except use a preshared key instead of a PKI certificate (a PKI certificate should also work, but it has not been tested yet).

  1. download and install the IPSecuritas program
  2. start the IPSecuritas program and click New
  3. give a name to this new connection (for example My VPN)
  4. enter the remote IP address or domain name of the remote IPSec gateway (for example ipsecgateway.example.com)
  5. enter the IP subnet of the remote protected network (for example 11.0.0.0/8)
  6. select Phase 1 and change the encryption to AES 128 (at least 3DES) or higher
  7. select Phase 2 and set PFS Group to None (PFS can be used, but in this example it is turned off)
  8. also on the Phase 2 page, set encryption to AES (or optionally 3DES, Blowfish, Cast 128)
  9. select ID/Auth and set the Preshared Secret to "firewall"
  10. select Options and activate Autostart
  11. click okay to save the connection
  12. select the new My VPN connection and click the Start IPSec button
  13. try to ping something on the remote network (for example 11.0.0.1), or visit a web page on the remote network
  14. optionally close the connection by selecting the new My VPN connection and clicking the Stop IPSec button

Additional preferences are available in the IPSecuritas preferences screen. By default NAT-Traversal is already supported so you should be able to make a connection through a NAT firewall.

Screenshots of the MultiCom configuration are available below.
  • IPSec Global Panel: Create the new connection, enter the IP parameters of the local side of the network with Remote Address set to 0.0.0.0/0 and Remote Gateway set to 0.0.0.0, and activate Allow Subnet. This allows any IP address to try to connect, with as many connections as the purchased IPSec license allows. Be sure that both IPSec and the connection are enabled.
  • IPSec Keys Panel: Add the Preshared key, in this example "firewall", without any local/remote IDs.
  • IPSec IKE Panel: Choose the Preshared Key and, for simplicity, deactivate Perfect Forward Security (PFS) and Dead Peer Detection (DPD).
  • IPSec Options Panel: Enable NAT-Traversal.
  • NAT Interface Panel: If the Securewall is active, be sure to redirect UDP 500, UDP 4500 & ESP traffic to internal. Otherwise this traffic will not be allowed to the Firewall.
  • Monitor IPSec Details Panel: After a connection is made, the Monitor can show the status.
  • Monitor IPSec Summary Panel: If more than one IPSec connection is active, all of them can be shown in the Summary Panel.
  • Monitor Routes Panel: For each successfully connected IPSec client there will be a new routing entry in the routing table to tell the Firewall to send that traffic to the IPSec service for encryption and delivery.
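
A check for the settings chosen in this walkthrough, added here as an example and not part of the original post or of the MultiCom or IPSecuritas software. The profile field names, the finding codes, the minimum key length and the "hardened" sample values are assumptions made for illustration; it flags the choices the post itself makes for simplicity before a profile is reused outside a test setup.

```python
import ipaddress

PHASE1_OK = {"3DES", "AES 128", "AES 192", "AES 256"}  # step 6: AES 128 (at least 3DES) or higher
PHASE2_OK = {"AES", "3DES", "BLOWFISH", "CAST 128"}    # step 8: ciphers named in the post
MIN_PSK_LEN = 20                                        # assumed local policy, not from the post

# Constructed sample: the values used in the walkthrough (field names are hypothetical).
WALKTHROUGH = {
    "remote_address": "0.0.0.0/0", "local_id": "", "remote_id": "",
    "phase1_encryption": "AES 128", "phase2_encryption": "AES",
    "pfs_group": None, "dpd": False, "preshared_key": "firewall",
}
# Constructed sample: same tunnel with the simplifications removed (values are placeholders).
HARDENED = dict(WALKTHROUGH, remote_address="192.0.2.10/32", remote_id="client1",
                pfs_group=2, dpd=True, preshared_key="k7Qp2vXw9ZrT4mLs8NbY3cHd")

def audit(profile):
    """Return sorted finding codes for one connection profile (dict)."""
    findings = set()
    psk = profile["preshared_key"]
    if psk == "firewall":
        findings.add("example-psk")        # key printed in a public forum post
    if len(psk) < MIN_PSK_LEN:
        findings.add("short-psk")
    if profile["pfs_group"] is None:
        findings.add("pfs-disabled")       # Phase 2 keys depend on Phase 1 keying material
    if not profile["dpd"]:
        findings.add("dpd-disabled")       # dead peers are not detected
    net = ipaddress.ip_network(profile["remote_address"], strict=False)
    if net.prefixlen == 0 and not (profile["local_id"] or profile["remote_id"]):
        findings.add("any-peer-one-psk")   # any address may connect, all sharing one key
    if profile["phase1_encryption"].upper() not in PHASE1_OK:
        findings.add("phase1-cipher")
    if profile["phase2_encryption"].upper() not in PHASE2_OK:
        findings.add("phase2-cipher")
    return sorted(findings)

if __name__ == "__main__":
    for name, prof in (("walkthrough", WALKTHROUGH), ("hardened", HARDENED)):
        print(name, audit(prof) or "no findings")
```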
All times are GMT + 1 Hour