...
4.2) Copy the certificate to the computer that is to establish the VPN connection and save it to the directory C:\ProgramData\LANCOM\Advanced VPN Client\directory /Library/Application Support/NCP/Secure Client/cacerts.
4.3) Start the Advanced VPN Client and navigate to the menu Connection → View Certificates → Display CA certificates.
4.4) Check whether the Advanced VPN Client recognized the certificate.
5) Setting up an IKEv2-EAP-OTP connection with the Advanced VPN Client:
5.1) In the Advanced VPN Client, navigate to the menu Configuration → Profiles.
5.2) Click on Add / Import the + button to create a new VPN connection.
5.3) Select Link to Corporate Network Using IPsec and click on Next.
5.4) Enter a descriptive Profile Name.
5.5) From the drop-down menu, select the Communication Media to be used for establishing the VPN connection.
| Info |
|---|
If you wish to establish the VPN connection with different connection media (e.g. LAN and Wi-Fi), select automatic media detection. |
5.6) 4) Under Gateway (Tunnel Endpoint) enter the public IP address or the DNS name of the router.
5.75) Enter the following parameters:
- Exchange Mode: From the drop-down menu, select IKEv2.
- PFS Group: From the drop-down menu, select DH14 (modp2048).
5.86) Authentication via via EAP-OTP cannot be configured in the wizard, so this must be done manually at a later stage. Click Next without making changes.
5.97) For the IP address assignment select the drop-down menu entry IKE Config Mode. This allows the Advanced VPN Client to obtain an IP address from the router when dialing in via VPN.
5.8) Then click Finish.
5.9) Mark the VPN profile created in the steps 5.1 – 5.10 and click Edit.
5.10) Enter the target In the Split Tunneling menu, enter the destination network to which the VPN connection is to should be established. This means ensures that only the data traffic destined for the target destination network is routed via over the VPN tunnel.Then click Finish.
| Info |
|---|
For more information on split tunneling, see this Knowledge Base article. |
5.11) Mark the VPN profile created in the steps 5.1 – 5.10 and click Edit.
5.12) Go to the tab IPsec General Settings and set the IKEv2 Authentication to EAP.
5.1312) Switch to the Identities tab and enter the user name of the RADIUS user as the Local Identity and also the OTP user name as the user ID for the EAP Authentication.
| Hinweis | ||
|---|---|---|
| ||
5.1312.1 If you are using LCOS firmware up to version 10.80, please leave the password field blank.
5.1312.2 If you are using LCOS firmware version 10.90 or later, please enter any the password you configured in step 3.5 in the Password field.
|
5.1413) This concludes the configuration of the VPN connection in the Advanced VPN Client. Confirm the manually entered changes by clicking on OK.
...