Versionen im Vergleich

Alte Version 4

changes.mady.by.user LANCOM Redaktion

Gespeichert am

verglichen mit

Neue Version Aktuell

changes.mady.by.user LANCOM Redaktion

Gespeichert am

Schlüssel

  • Diese Zeile wurde hinzugefügt.
  • Diese Zeile wurde entfernt.
  • Formatierung wurde geändert.
Seiteneigenschaften


Description:
This document describes how to set up a IKEv1 VPN connection between a LANCOM router and the Apple iPhone or iPad client.
Hinweis

In 2019 the IETF (Internet Engineering Task Force) has designated IKEv1 as deprecated and insecure and therefore it should not be used anymore. LANCOM Systems instead recommends to use the current standard IKEv2.

The IKEv1 functionality in LANCOM devices remains intact and can still be used for scenarios where devices without IKEv2 support are used. However LANCOM Systems will not provide any support regarding the troubleshooting of connection problems with IKEv1 connections. Also there won't be any bug fixes or new features for IKEv1.

In rare cases a disconnect can occur during rekeying. In such a case it can be useful to increase the lifetimes, so that the disconnects occur less often.

Info

The configuration of an IKEv2 connection between an iPhone / iPad and a LANCOM router is described in this Knowledge Base article.



Requirements:


Procedure:

1. Configuring the LANCOM Router:

Configuration of the VPN connection on the router is initially conducted with the Setup Wizard. You then have to manually edit/add two items.

1.1 Start the program LANconfig and double-click on the router which is to be set up with the VPN.

1.2 Select the item Provide remote access (RAS, VPN).

Image Removed

Image Added

1.3 Select the item IKEv1.

Image Removed

Image Added

1.4 Here you select VPN connection with user-defined parameters for the remote access to the router.

Image Removed

Image Added

1.5 Enter the name for the VPN connection here (e.g. VPN_IPHONE).

Image Removed

Image Added

1.6 Here you enter the preshared key for the connection. The iPhone configuration describes this item as the shared secret.

Image Removed

Image Added

1.7 Press "Next" without making any changes.

Image Removed

Image Added

1.8 Here you set the local and remote identity types to Key ID (group name) and enter a description for the local identity and remote identity; in our example we have taken iphonetest.

Image Removed

Image Added

1.9 The iPhone VPN client does not support PFS, so remove the check mark for Use the PFS algorithm for this connection.

Image Removed

Image Added

1.10 The following options can be used with their default values.

Image Removed

Image Added

Image Removed

Image Added

1.11 Here you specify the local IP address to be allocated to the iPhone for its VPN connection.

Image Removed

Image Added

1.12 The following item optionally allows you to limit the access of the iPhone VPN client to certain networks.

Image Removed

Image Added

1.13 This completes the initial configuration with the Wizard. Close the final dialog window by clicking on "Finish".

Image Removed

Image Added

1.14 As mentioned earlier, the next stage in setting up iPhone remote access is to manually edit the following items in the configuration.

In the program LANconfig, open the item VPN → IKEv1 → Connection list and select the VPN_IPHONE connection.

1.15 Set the item XAUTH to Server and click on OK.

Image Removed

Image Added

1.16 Now open Communications → Protocols → PPP list and click on Add.

For the Remote site select the VPN connection selected earlier - in this case VPN_IPHONE - and enter a password.

The field for User name is left empty. Finally, click on OK.

Image Removed

Image Added

This concludes the configuration of the LANCOM VPN router.



2. Configuring the Apple iPhone or iPad:

2.1 Under the VPN setting, select the item VPN and add a VPN configuration.

  • Give the connection a unique description; in our example we have taken LANCOM.
  • As Server enter the WAN IP address or the domain; in our example this is " vpn.lancom.de ".
The LANCOM must be accessible via WAN at this address. For the items Account and Password enter the VPN connection name and the password as defined in the LANCOM.
These two items were entered earlier into the PPP list. In our example, this is the account VPN_IPHONE. The password is concealed.
Image Removed
Image Added
2.2 The next step is to enter the Group name, which was entered into the LANCOM router earlier as local identity and remote identity; in our example, this is iphonetest.
2.3 The final item in the configuration is to enter the Shared secret, which was specified in the LANCOM router as the preshared key.
Image Removed
Image Added
All you have to do now is to store your configuration with Save, and you're done.