From mboxrd@z Thu Jan 1 00:00:00 1970 From: Tom Rymes To: development@lists.ipfire.org Subject: Re: Easy IPsec connections for macOS & iOS Date: Thu, 28 May 2020 14:30:39 -0400 Message-ID: <354ceb0a-53d4-1510-05bb-b9239da9dfa9@rymes.com> In-Reply-To: <20200528175850.12638-1-michael.tremer@ipfire.org> MIME-Version: 1.0 Content-Type: multipart/mixed; boundary="===============8859417192743274858==" List-Id: --===============8859417192743274858== Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: 7bit This is great news, Michael. I do believe that the host and root certs need certain requirements for this to work? SANs come to mind. I believe that this is resolved for new installations, but folks with older installs and certificates might run into that old issue. Tom On 05/28/2020 1:58 PM, Michael Tremer wrote: > Hello, > > I have created a couple of patches for review. They intoduce creating > IPsec roadwarrior connections for Apple devices. > > IPsec connections can be easily exported as an XML structure which > can be imported into any iOS or macOS device. > > Those connections allow that all traffic from that device can be > routed through an IPFire instance in a data center and split-horizon > VPNs are supported, too. > > The configuration is as simple as usual although Apple has some > (sane) requirements to certificate lifetimes and really makes sure > that they are talking to the correct peer. > > I have added a wiki page that explains how the connection needs to > be set up: > > https://wiki.ipfire.org/configuration/services/ipsec/apple > > I would like to encourage everyone to review my patches and test them > as well as the provided documentation. > > As soon as I have some feedback, I would like to put this patchset > forward to be merged into the next Core Update. > > Best, > -Michael > > --===============8859417192743274858==--