  1. #1
    Untanglit
    Join Date
    Dec 2018
    Posts
    19

    IKEv2 Connection from iOS using Apple Configurator Profile

    Hi all,

    I'm a pfSense user and dabbling with Untangle, which I like so far, but I'm having trouble setting one particular item up. Under pfSense, I have multiple iOS devices connecting via IKEv2; I chose IKEv2 because of its ability to aggressively reconnect, and it also allows for "On Demand" rules by manually editing Apple Configurator files. Here's how a peer generally connects using DDNS:

    iPhone --> ddns.ddns.net (DDNS) --> Verizon FIOS (192.168.1.1) --> Untangle (Router Mode, WAN: 192.168.1.234, LAN: 192.168.2.1)

    Unfortunately, the FIOS router I have doesn't allow bridging so I have to double NAT and DMZ, but this has never caused an issue with my pfSense setup. I can get this to work via Xauth and L2TP so I know it's reaching the network, but it won't connect with IKEv2 using a tunnel. Based on Untangle's article on this topic, it would seem this should work. With pfSense, I've done this by adding a .p12 file in addition to the CA and Server certificates in Apple Configurator, but that doesn't seem possible with Untangle so I'm using username/password. I keep receiving a user authentication error so I'm sure there's something wrong with my tunnel setup. Given the information above, any help on what I should include in the tunnel setup would be appreciated. Thanks for the help!

  2. #2
    Untanglit
    Join Date
    Dec 2018
    Posts
    19

    Anyone have any ideas or have this working in their setup?


    Sent from my iPhone using Tapatalk

  3. #3
    Untanglit
    Join Date
    Dec 2018
    Posts
    19

    After some back and forth with Untangle Support, it seems an iOS update along the way may have broken this functionality. Looks like IPSec, L2TP, and OpenVPN are the only options for now.

  4. #4
    Master Untangler
    Join Date
    Feb 2016
    Location
    Michigan
    Posts
    658

    Back when I was connecting iOS devices via VPN (for VDI) I settled on OpenVPN even though it meant installing the client. Since we were already doing site-to-site via OpenVPN that just seemed straightforward and natural. Today I might take a stab at IPsec instead since there's a native implementation in iOS.

    I say that just to note that among the iOS users here, few probably had reason to need IKEv2. I'm glad Untangle support was able to have a conversation with you since none of us were helpful. I'm sorry your first interactions here in the forum weren't more useful.

  5. #5
    Untanglit
    Join Date
    Dec 2018
    Posts
    19

    No worries. It seems I was able to get the on demand functionality with IPSec working by manually editing the profile using a text editor. It now reconnects upon any dropped connections using specified rules.


    Sent from my iPhone using Tapatalk
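
What the hand edit described in the last post can look like, as an added example that is not from the thread or from Untangle: a Python script that inserts `OnDemandEnabled` and `OnDemandRules` into the VPN payload of a `.mobileconfig` and lints the rule order, since iOS takes the first rule that matches. The sample profile, host name, SSID and function names are constructed assumptions; the key names are Apple's configuration-profile keys.

```python
import plistlib

VALID_ACTIONS = {"Connect", "Disconnect", "EvaluateConnection", "Ignore"}
MATCH_KEYS = {"InterfaceTypeMatch", "SSIDMatch", "DNSDomainMatch",
              "DNSServerAddressMatch", "URLStringProbe"}

# Constructed sample profile (placeholder values, not from the thread).
SAMPLE = plistlib.dumps({
    "PayloadType": "Configuration",
    "PayloadContent": [{
        "PayloadType": "com.apple.vpn.managed",
        "VPNType": "IPSec",
        "IPSec": {"RemoteAddress": "vpn.example.invalid",
                  "AuthenticationMethod": "SharedSecret", "XAuthEnabled": 1},
    }],
})

def lint_rules(rules):
    """Return problems found in an OnDemandRules array (first match wins)."""
    problems = []
    for i, rule in enumerate(rules):
        if rule.get("Action") not in VALID_ACTIONS:
            problems.append(f"rule {i}: invalid Action {rule.get('Action')!r}")
        # A rule without match keys matches every network, so anything
        # listed after it is never evaluated.
        if not (MATCH_KEYS & rule.keys()) and i != len(rules) - 1:
            problems.append(f"rule {i}: catch-all shadows the rules after it")
    return problems

def add_on_demand(profile_bytes, trusted_ssids):
    """Stay off the VPN on trusted Wi-Fi, connect everywhere else."""
    rules = [
        {"Action": "Disconnect", "InterfaceTypeMatch": "WiFi",
         "SSIDMatch": list(trusted_ssids)},
        {"Action": "Connect"},  # catch-all, must stay last
    ]
    if lint_rules(rules):
        raise ValueError("; ".join(lint_rules(rules)))
    profile = plistlib.loads(profile_bytes)
    changed = 0
    for payload in profile.get("PayloadContent", []):
        if payload.get("PayloadType") != "com.apple.vpn.managed":
            continue
        settings = payload.get(payload.get("VPNType"))  # "IPSec" or "IKEv2" dict
        if isinstance(settings, dict):
            settings["OnDemandEnabled"] = 1
            settings["OnDemandRules"] = rules
            changed += 1
    if not changed:
        raise ValueError("no VPN payload with a settings dictionary found")
    return plistlib.dumps(profile)
```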
