This is great news, Michael. I do believe that the host and root certs 
need certain requirements for this to work? SANs come to mind.

I believe that this is resolved for new installations, but folks with 
older installs and certificates might run into that old issue.

Tom

On 05/28/2020 1:58 PM, Michael Tremer wrote:
> Hello,
> 
> I have created a couple of patches for review. They intoduce creating
> IPsec roadwarrior connections for Apple devices.
> 
> IPsec connections can be easily exported as an XML structure which
> can be imported into any iOS or macOS device.
> 
> Those connections allow that all traffic from that device can be
> routed through an IPFire instance in a data center and split-horizon
> VPNs are supported, too.
> 
> The configuration is as simple as usual although Apple has some
> (sane) requirements to certificate lifetimes and really makes sure
> that they are talking to the correct peer.
> 
> I have added a wiki page that explains how the connection needs to
> be set up:
> 
>    https://wiki.ipfire.org/configuration/services/ipsec/apple
> 
> I would like to encourage everyone to review my patches and test them
> as well as the provided documentation.
> 
> As soon as I have some feedback, I would like to put this patchset
> forward to be merged into the next Core Update.
> 
> Best,
> -Michael
> 
>