----------------------------------------------------------------------------
RV260/RV34X C2S IKEv2 VPN Server for macOS/iOS Clients using PSK-auth only
----------------------------------------------------------------------------

- Configure the C2S server on the RV34X/RV260 as below:

Step-1: In IPsec Profiles, configure the IPsec algorithm profile below, used by the macOS/iOS clients
    Name: Ikve2MaciOSClientsProfile
    Version: IKEv2
    Phase-1: AES128-SHA1-GROUP2; Lifetime: 28800sec
    Phase-2: ESP; AES256-SHA256; pfs=no; lifetime: 3600sec
    - Apply and do a permanent save too

Step-2: In the Basic Settings tab, add and configure a C2S VPN server as below:
    Enable: Yes/Checked
    Tunnel Name: Ikev2_MaciOSClients_wPSKonly
    IPsec Profile: Ikve2MaciOSClientsProfile
    Interface: WAN
    IKE Authentication Method
        Pre-shared Key: Test$123456789
    Local Identifier:
        - select FQDN
        - enter this server's FQDN/DNS name: rv34x.servergw.local
    Remote Identifier:
        - select FQDN
        - enter * (star/asterisk) as the wildcard value here.
        - Note: This wildcard (*, asterisk/star) is required to support multiple macOS/iOS clients connecting to this VPN server using PSK-auth
    Extended Authentication: DISABLE/UNCHECKED
        - Note: DO NOT ENABLE/SELECT EXTENDED AUTHENTICATION
    Pool Range for client LAN:
        Start IP: 10.30.1.100
        End IP: 10.30.1.150

Step-3: In the Advanced Settings tab
    Remote Endpoint: Dynamic IP
        - It must be Dynamic IP only, as multiple clients will be connecting to this server
    Local Group Setup
        Local IP Type: ANY
    Mode Configuration
        dns/wins/default-domain/etc.: to be configured as per the user requirements

Step-4: Click on Apply and do a permanent save too

##################################################################

---------------------------- On macOS/iOS/iPad Clients -----------------------

For IKEv2 tunnel with PSK only:

1. On the desktop of the Mac client, click on the Wi-Fi icon and go to “Open Network Preferences”

2. Click on + to create a new service
    - select the VPN interface
    - IKEv2 as VPN type, and
    - give it a name, “ClientV2_wPSK”

3. In the page that is displayed, click first on “Authentication Settings”
    - Select “None” only, and do not select certificate (or Use-Certificate)
    - For PSK-based IKEv2-auth, select “Secret” and enter the Pre-Shared Key, e.g.: Test$123456789

4. Now we are back on the main config page
    a) Enter the "Server Address" as the DNS name of the RV34X/RV260 router's WAN IP address, e.g. "rv34x.servergw.local"
       Note: This FQDN/DNS name MUST be resolvable, by the DNS server configured on the Mac client, to the public IP address of the WAN interface of the RV34X/RV260
    b) For "Remote-ID" enter the value "rv34x.servergw.local" (enter without the quotes)
    c) For "Local-ID" keep the value empty; do not edit or enter any value here

5. You are done (save the config). If the C2S server on the RV34X/RV260 is ready, you may click on Connect on this macOS/iPad/iOS client

==============================================================
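
Added example (not part of the original guide, and not Cisco or Apple tooling): a small Python check that the server-side and client-side settings described above agree with each other before a connection is attempted. The values are the guide's own; the dictionary layout and key names are assumptions made for this example.

```python
import ipaddress

# Values copied from the guide above. The dictionary layout and key names are
# assumptions made for this example, not a router or macOS export format.
SERVER = {
    "version": "IKEv2", "local_id": "rv34x.servergw.local", "remote_id": "*",
    "xauth": False, "remote_endpoint": "Dynamic IP", "psk": "Test$123456789",
    "pool_start": "10.30.1.100", "pool_end": "10.30.1.150",
}
CLIENT = {
    "version": "IKEv2", "server_address": "rv34x.servergw.local",
    "remote_id": "rv34x.servergw.local", "local_id": "",
    "auth": "None", "psk": "Test$123456789",
}

def pool_size(server):
    """Number of addresses in the client pool (zero or less if inverted)."""
    start = ipaddress.IPv4Address(server["pool_start"])
    end = ipaddress.IPv4Address(server["pool_end"])
    return int(end) - int(start) + 1

def check_pairing(server, client):
    """Return a list of mismatches between the two sides; empty means consistent."""
    problems = []
    if server["version"] != "IKEv2" or client["version"] != "IKEv2":
        problems.append("both sides must use IKEv2")
    if client["remote_id"] != server["local_id"]:
        problems.append("client Remote ID differs from server Local Identifier")
    if server["remote_id"] != "*":
        problems.append("server Remote Identifier is not the * wildcard")
    if client["local_id"]:
        problems.append("client Local ID should be left empty")
    if server["xauth"]:
        problems.append("Extended Authentication must stay disabled")
    if server["remote_endpoint"] != "Dynamic IP":
        problems.append("Remote Endpoint must be Dynamic IP")
    if client["auth"] != "None":
        problems.append("client Authentication Settings must be None (shared secret)")
    if client["psk"] != server["psk"]:
        problems.append("pre-shared keys differ")
    if pool_size(server) < 1:
        problems.append("client pool range is empty or inverted")
    return problems

if __name__ == "__main__":
    for line in check_pairing(SERVER, CLIENT) or ["configuration is consistent"]:
        print(line)
```

The pool in the guide (10.30.1.100 to 10.30.1.150) holds 51 addresses, which caps the number of clients that can hold a lease at the same time.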