From: Tom Rymes
To: development@lists.ipfire.org
Subject: IPSec Roadwarrior Configuration
Date: Wed, 24 Jan 2018 15:33:10 -0500

I suppose that this isn't particularly "Development" related, but I think it does touch upon features and functionality that are important to making the project attractive to new users and I also think that, perhaps, some changes might be needed to the WUI to keep up with changes to clients. I would think that a tried-and-true configuration that makes it easy for any user to implement a VPN using built-in clients would be a major benefit to the project.

IPFire supports two methods for roadwarrior VPN clients, OpenVPN and IPSec. Of these, OpenVPN requires a client, while IPSec is supported natively by most or all major operating systems. For various reasons, I prefer IPSec.

Perusing the internet, one can find many tutorials for how to configure Strongswan to work with roadwarrior clients, and some of them might even work. There seems to be a lot of confusion out there over which settings are needed to support the various client OSs, too.

Most importantly, the WUI makes it look like this should just work out of the box, but I have not been able to find a good tutorial for using the WUI in IPFire to accomplish this task. There is one here:

https://wiki.ipfire.org/configuration/services/ipsec/example_configuration-_roadwarrior_with_windows

However, it is missing many details, and has not kept up with changes in the WUI. Worse, still, it requires one to manually modify the configuration files, which, ideally, should not be necessary.

After messing about with that tutorial, I have succeeded in connecting a Windows 10 computer, but I have not been able to succeed with a MacOS device, and I haven't even dared to try with iOS.

As it stands, it is unclear what one should enter for the fields Remote host/IP, Remote Subnet, Local ID, and Remote ID, and I am still unclear on what the proper settings for IKE/ESP settings, DPD, and the other options at the bottom of the page are.

I will continue to experiment and do my best to update the docs, but I'm flying pretty blind here. This leads me to a few questions (the forum has not been of much help in this area):

1.) Does anyone have a good tutorial that they can provide to help me in making this work and in improving the documentation?

2.) What changes to the WUI, if any, are needed to avoid the need to manually edit text files and properly support RoadWarrior connections to Windows 7/8/10, MacOS, Android, and iOS?

3.) What changes need to be made to the certs, configs, etc. to support MacOS, iOS, and Android?

Many thanks,

Tom