From: Michael Tremer <michael.tremer@ipfire.org>
To: development@lists.ipfire.org
Subject: Easy IPsec connections for macOS & iOS
Date: Thu, 28 May 2020 17:58:34 +0000 [thread overview]
Message-ID: <20200528175850.12638-1-michael.tremer@ipfire.org> (raw)
[-- Attachment #1: Type: text/plain, Size: 961 bytes --]
Hello,
I have created a couple of patches for review. They intoduce creating
IPsec roadwarrior connections for Apple devices.
IPsec connections can be easily exported as an XML structure which
can be imported into any iOS or macOS device.
Those connections allow that all traffic from that device can be
routed through an IPFire instance in a data center and split-horizon
VPNs are supported, too.
The configuration is as simple as usual although Apple has some
(sane) requirements to certificate lifetimes and really makes sure
that they are talking to the correct peer.
I have added a wiki page that explains how the connection needs to
be set up:
https://wiki.ipfire.org/configuration/services/ipsec/apple
I would like to encourage everyone to review my patches and test them
as well as the provided documentation.
As soon as I have some feedback, I would like to put this patchset
forward to be merged into the next Core Update.
Best,
-Michael
next reply other threads:[~2020-05-28 17:58 UTC|newest]
Thread overview: 19+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-05-28 17:58 Michael Tremer [this message]
2020-05-28 17:58 ` [PATCH 01/16] IPsec: Use sane defaults for certificate lifetimes Michael Tremer
2020-05-28 17:58 ` [PATCH 02/16] IPsec: Add prototype to export Apple Configuration profiles Michael Tremer
2020-05-28 17:58 ` [PATCH 03/16] perl: Package Data::UUID Michael Tremer
2020-05-28 17:58 ` [PATCH 04/16] vpnmain.cgi: Generate random UUIDs Michael Tremer
2020-05-28 17:58 ` [PATCH 05/16] vpnmain.cgi: Add field for roadwarrior endpoint Michael Tremer
2020-05-28 17:58 ` [PATCH 06/16] vpnmain.cgi: Fix indentation on Apple profiles Michael Tremer
2020-05-28 17:58 ` [PATCH 07/16] IPsec: Apple: Enable PFS on client when enabled Michael Tremer
2020-05-28 17:58 ` [PATCH 08/16] IPsec: Apple: Add desired cipher suites to profiles Michael Tremer
2020-05-28 17:58 ` [PATCH 09/16] IPsec: Apple: Stop prompting for credentials Michael Tremer
2020-05-28 17:58 ` [PATCH 10/16] IPsec: Allow sending DNS server addresses to RW clients Michael Tremer
2020-05-28 17:58 ` [PATCH 11/16] IPsec: Always send our host certificate to all " Michael Tremer
2020-05-28 17:58 ` [PATCH 12/16] IPsec: Set display name for VPN connections Michael Tremer
2020-05-28 17:58 ` [PATCH 13/16] IPsec: Ensure that iOS VPNs are always connected Michael Tremer
2020-05-28 17:58 ` [PATCH 14/16] IPsec: Strip @ from IDs in Apple profile Michael Tremer
2020-05-28 17:58 ` [PATCH 15/16] Revert "IPsec: Apple: Stop prompting for credentials" Michael Tremer
2020-05-28 17:58 ` [PATCH 16/16] IPsec: Add CA certificate in Apple profile Michael Tremer
2020-05-28 18:30 ` Easy IPsec connections for macOS & iOS Tom Rymes
2020-05-28 18:58 ` Michael Tremer
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20200528175850.12638-1-michael.tremer@ipfire.org \
--to=michael.tremer@ipfire.org \
--cc=development@lists.ipfire.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox