...
This article describes how to set up a VPN connection from the Advanced VPN Client for macOS to a LANCOM router with two-factor authentication (IKEv2-EAP-OTP).
Info |
---|
The configuration with a LANCOM Advanced VPN Client for Windows is described in this knowledge base article. |
Requirements:
- LANCOM router with at least 25 VPN licenses (Central-Site gateway, 19xx series router or LANCOM router with the VPN 25 Option)
- Advanced VPN Client for macOS as of version 4.7x
- LCOS as of version 10.70 REL (download latest version)
- LANtools as of version 10.70 REL (download latest version)
- Authenticator app for Android or iOS (e.g. Google Authenticator or Microsoft Authenticator)
...
Info |
---|
Repeat this step for each VPN user. |
Note |
---|
The Secret must contain only capital letters and the digits 2 to 7 (see RFC 3548). Otherwise the configuration cannot be written back to the router via LANconfig! If the Google Authenticator is used, the Secret must be at least 16 characters long, as otherwise the scan of the QR code will fail. |
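
The constraint in the note above, as an added example (not LANCOM code): generate a per-user Secret from a CSPRNG and check it before entering it in LANconfig. The function names and sample strings are constructed for illustration, and the 20-byte default is an assumption; the article itself only requires at least 16 characters for Google Authenticator.

```python
import base64
import secrets

# Alphabet from the note above: capital letters A-Z and the digits 2-7.
ALLOWED = set("ABCDEFGHIJKLMNOPQRSTUVWXYZ234567")
MIN_LEN_GOOGLE_AUTH = 16  # minimum length the article gives for Google Authenticator


def generate_otp_secret(num_bytes: int = 20) -> str:
    """Return a random Secret using only A-Z and 2-7, with no '=' padding.

    Every 5 random bytes encode to exactly 8 characters, so a multiple of 5
    never produces padding: 10 bytes -> 16 characters, 20 bytes -> 32.
    """
    if num_bytes < 10 or num_bytes % 5 != 0:
        raise ValueError("num_bytes must be a multiple of 5 and at least 10")
    return base64.b32encode(secrets.token_bytes(num_bytes)).decode("ascii")


def check_otp_secret(secret: str) -> list[str]:
    """Return a list of problems; an empty list means the Secret is acceptable."""
    if not secret:
        return ["secret is empty"]
    problems = []
    bad = sorted(set(secret) - ALLOWED)
    if bad:
        # Typical causes: lowercase input, the digits 0/1/8/9, '=' padding, spaces.
        problems.append("characters outside A-Z / 2-7: " + " ".join(repr(c) for c in bad))
    if len(secret) < MIN_LEN_GOOGLE_AUTH:
        problems.append(f"only {len(secret)} characters, fewer than {MIN_LEN_GOOGLE_AUTH}")
    return problems


if __name__ == "__main__":
    # Constructed sample values: one fresh Secret and three that violate the note.
    samples = (generate_otp_secret(), "jbswy3dpehpk3pxp", "ABCDEFGH01234567", "MZXW6YTB")
    for candidate in samples:
        print(candidate, "->", check_otp_secret(candidate) or "ok")
```

Generate a separate Secret for each VPN user rather than reusing one across accounts.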
...
- Exchange Mode: From the drop-down menu, select IKEv2.
- PFS Group: From the drop-down menu, select DH14 (modp2048). DH16 (modp4096).
Info |
---|
LANCOM Systems recommends using the PFS group DH16 (modp4096). For this purpose, DH16 must also be active in the encryption profile DEFAULT on the router (VPN → IKEv2/IPSec → Encryption). |
5.6) Authentication via EAP-OTP cannot be configured in the wizard, so this must be done manually at a later stage. Click Next without making changes.
...