Thread: IKEv2 on Mac OS

  1. #1
    Master Untangler dmor's Avatar
    Join Date
    Jun 2009
    Posts
    669

    IKEv2 on Mac OS

    I've been unable to get a Mac OS X 10.11 or 10.14 laptop to connect to Untangle's IKEv2 VPN.

    I've imported into the OS X Keychain Untangle's CA cert & machine cert. I've regenerated both certs to ensure they have the WAN IP included in the SANs. Then imported into Mac OS Keychain again & marked as trusted for all purposes.

    I've rebuilt the VPN multiple times. Simplified & shortened the user password (for troubleshooting) in the Untangle Local Directory.

    I'm not sure what else to try.

    But I realize there may be some inherent compatibility issues between Untangle's current implementation of IKEv2, and Apple's in Mac OS. So maybe this will take the outside vendors to solve, in which case I need to go find a different solution for now (probably OpenVPN).

    The Untangle is on 14.1.2.20190401T184625.3e1709127f-1stretch

    Any ideas? Anyone out there actually been able to get a Mac OS computer to connect to Untangle via IKEv2?

    Thanks!
    -
    Doug

  2. #2
    Untangler jcoffin's Avatar
    Join Date
    Aug 2008
    Location
    Sunnyvale, CA
    Posts
    8,522

    Quote Originally Posted by dmor View Post
    I've been unable to get a Mac OS X 10.11 or 10.14 laptop to connect to Untangle's IKEv2 VPN.
    I've added the steps for Mac IKEv2 VPN to the IPsec FAQ. The step you were probably missing is marking the installed root CA as trusted.
    Attention: Support and help on the Untangle Forums is provided by
    volunteers and community members like yourself.
    If you need Untangle support please call or email support@untangle.com

  3. #3
    Master Untangler dmor's Avatar
    Join Date
    Jun 2009
    Posts
    669

    jcoffin,

    Thank you very much for taking the time to document that. I am sure it will serve Untangle customers well, and I know it is time-consuming to do that kind of thing.

    I did actually import the CA cert into Keychain Access and marked it as trusted for all purposes. But I will review your updated wiki instructions and try again. Thanks again. Much appreciated!


    Sent from my iPhone using Tapatalk

  4. #4
    Untangler jcoffin's Avatar
    Join Date
    Aug 2008
    Location
    Sunnyvale, CA
    Posts
    8,522

    The only other issue I can think of is that the root CA is not in the system key. Mac by default puts it in local, not system, where it should be. Also, it should be the root CA, not the Untangle certificate.

  5. #5
    Master Untangler dmor's Avatar
    Join Date
    Jun 2009
    Posts
    669

    John,

    Based on the wiki, I need to set the Remote ID field on the Mac to the hostname on the certificate. I assume you are referring to the certificate’s Common Name?

    I was using the Untangle public IP in this field, which happens to be a SAN on the cert.

    Can you confirm a SAN is not acceptable in the Remote ID field? If so, that would be my problem.

  6. #6
    Untangler jcoffin's Avatar
    Join Date
    Aug 2008
    Location
    Sunnyvale, CA
    Posts
    8,522

    You need the entire name at /admin/index.do#config/network/hostname: hostname + domain name

  7. #7
    Master Untangler dmor's Avatar
    Join Date
    Jun 2009
    Posts
    669

    Quote Originally Posted by jcoffin View Post
    You need the entire name at /admin/index.do#config/network/hostname: hostname + domain name
    Ok. I’ll test it out ASAP. Thanks again!
