Description:
This document describes how to set up an IKEv2 VPN connection between a LANCOM router and the Apple iPhone or iPad client.

Depending on the iOS version in use, the identifier type Domain name (FQDN) has to be used instead of the type Email address (FQUN). However, the identifier type cannot be changed in the setup wizard used in this article. In this case, please set up the VPN connection manually in the router as described in the following Knowledge Base article:

Setting up an IKEv2 client-to-site VPN connection (IPv4) between a LANCOM router and an iPhone/iPad manually




Requirements:
  • LCOS version 9.24 or later
  • LANtools version 9.24 or later
  • iOS version 8 or later


Procedure:
1) Configuring the LANCOM router:
1.1) Start the Setup Wizard in LANconfig.
1.2) Select the item Provide remote access (RAS, VPN).
Setup wizard with selection for setting up dial-in access
1.3) In the next dialog, select the option IKEv2.
Dial-in of IKEv2 and IKEv1
1.4) Select the LANCOM Advanced VPN Client for Windows as the VPN client and deactivate the option Speed up configuration with 1-Click-VPN.
VPN client should be selected for dial-in access
1.5) Enter the name for the VPN connection here (e.g. VPN_IPHONE).
Assign VPN name
1.6) Enter the public IP address or public DNS address of the LANCOM router.
Address selection of the router for the VPN client
1.7) Assign any fully qualified username in the form of an e-mail address and specify a pre-shared key.
Fully qualified user name and preshared key assigned
1.8) Leave the default address "0.0.0.0" in the IP address field and click Next.
Leave IP address default
1.9) If you have not yet set up an IP address pool for VPN client access in your configuration, please do so in this dialogue.
  • Enter the IP addresses and assign an IP address for the name server to be used (in this case the LANCOM router).
Assign IP address for DNS
1.10) The following item optionally allows you to limit the access of the Apple device VPN client to certain networks.
1.11) Deactivate the option to Store profile as LANCOM Advanced VPN Client import file.
Selection for saving the configuration as an import file
1.12) This completes the initial configuration with the Wizard. Close the final dialog window by clicking on Finish.
Press the Finish button
1.13) Open the configuration of the LANCOM router and change to the menu VPN → IKEv2/IPSec → Encryption.
Copy the existing DEFAULT profile.
Open LanConfig encryption and copy default
1.14) Enter a new name for the entry and deactivate PFS.
Assign encryption name and switch PFS to NO
1.15) Open the connection profile for the VPN connection in the menu VPN → IKEv2/IPSec → Connection list.
1.16) For Encryption, select the encryption profile created in step 1.13.
Select connection list and encryption
1.17) Write the configuration back to the LANCOM router.


2) Configuration of the Apple iPhone or iPad:

2.1) Under the VPN setting, select the item VPN and click VPN configuration.

  • Give the connection a unique description; in our example we use LANCOM.
  • As Server enter the public IP address or the DNS name of the LANCOM router. The LANCOM router must be accessible via the Internet at this address.
2.2) The next step is to enter the Fully Qualified Username, which was entered into the LANCOM earlier as local identity and remote identity; in our example, this is vpn@lancom.de.
2.3) The final item in the configuration is to enter the Shared secret, which was specified in the LANCOM as the preshared key.
2.4) Save the configuration with Done.
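
The settings from section 2 can also be written as an iOS configuration profile instead of being typed in on the device. The following is an added example, not part of the original article or of LANCOM's tooling: it assumes Apple's com.apple.vpn.managed payload keys for IKEv2 and covers only the FQUN identity type; the function name, the payload identifiers, vpn.example.com, the key string and the minimum key length are placeholders or assumptions.

```python
import plistlib
import re
import uuid

# Fully qualified username (FQUN), e.g. vpn@lancom.de from step 2.2.
FQUN_RE = re.compile(r"^[^@\s]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}$")
MIN_PSK_LEN = 20  # assumed local policy, not a LANCOM or Apple requirement


def build_ikev2_profile(description, server, identity, psk, enable_pfs=False):
    """Return .mobileconfig bytes mirroring the manual settings of section 2."""
    if not FQUN_RE.match(identity):
        raise ValueError("identity must have the form user@domain (FQUN)")
    if len(psk) < MIN_PSK_LEN:
        raise ValueError(f"pre-shared key shorter than {MIN_PSK_LEN} characters")
    vpn_payload = {
        "PayloadType": "com.apple.vpn.managed",
        "PayloadVersion": 1,
        "PayloadIdentifier": "com.example.vpn.lancom",  # placeholder
        "PayloadUUID": str(uuid.uuid4()).upper(),
        "PayloadDisplayName": description,
        "UserDefinedName": description,          # 2.1: description
        "VPNType": "IKEv2",
        "IKEv2": {
            "RemoteAddress": server,             # 2.1: server
            "LocalIdentifier": identity,         # 2.2: same FQUN on both sides
            "RemoteIdentifier": identity,
            "AuthenticationMethod": "SharedSecret",
            "SharedSecret": psk,                 # 2.3: preshared key from 1.7
            "ExtendedAuthEnabled": 0,
            "EnablePFS": enable_pfs,             # must match the router (1.14)
        },
    }
    profile = {
        "PayloadType": "Configuration",
        "PayloadVersion": 1,
        "PayloadIdentifier": "com.example.profile.lancom",  # placeholder
        "PayloadUUID": str(uuid.uuid4()).upper(),
        "PayloadDisplayName": description,
        "PayloadContent": [vpn_payload],
    }
    return plistlib.dumps(profile)


if __name__ == "__main__":
    # Constructed sample values; vpn.example.com and the key are placeholders.
    with open("lancom-ikev2.mobileconfig", "wb") as fh:
        fh.write(build_ikev2_profile("LANCOM", "vpn.example.com",
                                     "vpn@lancom.de",
                                     "REPLACE-WITH-PRESHARED-KEY-0000"))
```

The resulting profile contains the preshared key in clear text, so it should only be distributed over a protected channel and deleted from intermediate storage afterwards.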