I suppose that this isn't particularly "Development" related, but I think it does touch upon features and functionality that are important to making the project attractive to new users and I also think that, perhaps, some changes might be needed to the WUI to keep up with changes to clients. I would think that a tried-and-true configuration that makes it easy for any user to implement a VPN using built-in clients would be a major benefit to the project.
IPFire supports two methods for roadwarrior VPN clients, OpenVPN and IPSec. Of these, OpenVPN requires a client, while IPSec is supported natively by most or all major operating systems. For various reasons, I prefer IPSec.
Perusing the internet, one can find many tutorials for how to configure Strongswan to work with roadwarrior clients, and some of them might even work. There seems to be a lot of confusion out there over which settings are needed to support the various client OSs, too.
Most importantly, the WUI makes it look like this should just work out of the box, but I have not been able to find a good tutorial for using the WUI in IPFire to accomplish this task. There is one here:
https://wiki.ipfire.org/configuration/services/ipsec/example_configuration-_...
However, it is missing many details, and has not kept up with changes in the WUI. Worse, still, it requires one to manually modify the configuration files, which, ideally, should not be necessary.
After messing about with that tutorial, I have succeeded in connecting a Windows 10 computer, but I have not been able to succeed with a MacOS device, and I haven't even dared to try with iOS.
As it stands, it is unclear what one should enter for the fields Remote host/IP, Remote Subnet, Local ID, and Remote ID, and I am still unclear on what the proper settings for IKE/ESP settings, DPD, and the other options at the bottom of the page are.
I will continue to experiment and do my best to update the docs, but I'm flying pretty blind here. This leads me to a few questions (the forum has not been of much help in this area):
1.) Does anyone have a good tutorial that they can provide to help me in making this work and in improving the documentation? 2.) What changes to the WUI, if any, are needed to avoid the need to manually edit text files and properly support RoadWarrior connections to Windows 7/8/10, MacOS, Android, and iOS? 3.) What changes need to be made to the certs, configs, etc to support MacOS, iOS, and Android?
Many thanks,
Tom