Home
Help
Search
Login
Register
OPNsense Forum
»
English Forums
»
Virtual private networks
»
IPsec or IKEv2 for iOS/macOS high performance road warrior VPN?
« previous
next »
Print
Pages: [
1
]
Author
Topic: IPsec or IKEv2 for iOS/macOS high performance road warrior VPN? (Read 688 times)
gctwnl
Jr. Member
Posts: 60
Karma: 0
IPsec or IKEv2 for iOS/macOS high performance road warrior VPN?
«
on:
November 29, 2022, 05:17:57 pm »
Hah. After spending quite a bit of time on it, I just found out L2TP isn't supported at all in OPNsense... So, migrating the existing L2TP setup from EdgeOS (which does support L2TP) to OPNsense would never have worked. And here I was, adding PSK, accounts, and failing (basically, I'm not that much of an expert in this whole VPN business)...
So, I must (sadly) have new VPN configurations created on my family's macOS and iOS 'road warrior' devices. I cannot simply recreate their current access it on OPNsense, replace the EdgeMax with the OPNsense appliance and have them connect as they used to without them noticing anything.
Now, I don't want to install software on the clients (management nightmare for me), so I must go with what iOS/macOS offer out of the box, and that is IKEv2 or Cisco IPsec.
Which one should I use?
Additionally, in my current L2TP setup, the VPN connections get a fixed IP address inside the main LAN. So, the DHCP pool on the LAN is from 192.168.2.100-192.168.2.149, and the L2TP/IPsec pool is 192.168.2.160/27, but each account gets its own fixed IP. That enables me to fine tune what the users are allowed to do, and also in Apple Remote Desktop, the IP address stays the same all the time.
Can I replicate that on OPNsense?
Logged
gctwnl
Jr. Member
Posts: 60
Karma: 0
Re: IPsec or IKEv2 for iOS/macOS high performance road warrior VPN?
«
Reply #1 on:
November 30, 2022, 03:08:05 am »
I'e gone with Cisco IPsec. Connecting was easy enough to set up from the documentation.But I haven't found out yet how to get the connected device to access the LAN. On the IPsec interface it has a 10.10.0.1 address and it needs to be more like a 192.168.2.160 address on the standard 192.168.2.2/24 LAN. So, either i need routing between 10.10.0.1 and 192.168.2.2/24 or the client needs to get that IP address directly on the LAN.
Logged
Print
Pages: [
1
]
« previous
next »
OPNsense Forum
»
English Forums
»
Virtual private networks
»
IPsec or IKEv2 for iOS/macOS high performance road warrior VPN?