From: Tom Rymes <trymes@rymes.com>
To: development@lists.ipfire.org
Subject: IPSec Roadwarrior Configuration
Date: Wed, 24 Jan 2018 15:33:10 -0500
Message-ID: <b6b91c5f-705e-1721-e9db-d23706266bd1@rymes.com>
I suppose that this isn't particularly "Development" related, but I
think it does touch upon features and functionality that are important
to making the project attractive to new users and I also think that,
perhaps, some changes might be needed to the WUI to keep up with changes
to clients. I would think that a tried-and-true configuration that makes
it easy for any user to implement a VPN using built-in clients would be
a major benefit to the project.

IPFire supports two methods for roadwarrior VPN clients, OpenVPN and
IPSec. Of these, OpenVPN requires a client, while IPSec is supported
natively by most or all major operating systems. For various reasons, I
prefer IPSec.

Perusing the internet, one can find many tutorials for how to configure
Strongswan to work with roadwarrior clients, and some of them might even
work. There seems to be a lot of confusion out there over which settings
are needed to support the various client OSs, too.

Most importantly, the WUI makes it look like this should just work out
of the box, but I have not been able to find a good tutorial for using
the WUI in IPFire to accomplish this task. There is one here:

https://wiki.ipfire.org/configuration/services/ipsec/example_configuration-_roadwarrior_with_windows

However, it is missing many details, and has not kept up with changes in
the WUI. Worse, still, it requires one to manually modify the
configuration files, which, ideally, should not be necessary.

After messing about with that tutorial, I have succeeded in connecting a
Windows 10 computer, but I have not been able to succeed with a MacOS
device, and I haven't even dared to try with iOS.

As it stands, it is unclear what one should enter for the fields Remote
host/IP, Remote Subnet, Local ID, and Remote ID, and I am still unclear
on what the proper settings for IKE/ESP settings, DPD, and the other
options at the bottom of the page are.

I will continue to experiment and do my best to update the docs, but I'm
flying pretty blind here. This leads me to a few questions (the forum
has not been of much help in this area):

1.) Does anyone have a good tutorial that they can provide to help me in
making this work and in improving the documentation?

2.) What changes to the WUI, if any, are needed to avoid the need to
manually edit text files and properly support RoadWarrior connections to
Windows 7/8/10, MacOS, Android, and iOS?

3.) What changes need to be made to the certs, configs, etc to support
MacOS, iOS, and Android?

Many thanks,

Tom