- manual ipsec vpn setup for osx 10.7+
Question: Q: Mac VPN to L2TP on IPSec Connection Issues. My company has implemented a VPN using Microsoft's VPNs for Windows Server 2003. Recently they've changed from PPTP to L2TP over IPSec. Then, the VPN client should be able to find the certificate from the VPN client setup if it's imported correctly, and it looks like it's used instead.
It is suggested that you use the WiTopia Client and not the alternate software. We fully support setting up and using alternate connections though. Please use the following directions to set up the VPN on your computer.
Manual IPSec setup for MacOS 10.7 or later
- Click on the apple logo in the top left corner
- Choose System Preferences
- Click on Network.
- Click on “+” in bottom left of window to add a configuration.
- For Interface choose VPN from pulldown menu.
- For VPN Type choose Cisco IPsec
- For Service Name you can call it whatever you wish.
- Click Create button.
- Click Plus sign below to open list of server locations
IPSec Server Location Addresses
USA IPSec VPN Gateways
ipsec.ashburn.witopia.net
ipsec.atlanta.witopia.net
ipsec.baltimore.witopia.net
ipsec.boston.witopia.net
ipsec.chicago.witopia.net
ipsec.dallas.witopia.net
ipsec.denver.witopia.net
ipsec.losangeles.witopia.net
ipsec.kansascity.witopia.net
ipsec.longbeach.witopia.net
ipsec.lasvegas.witopia.net
ipsec.miami.witopia.net
ipsec.newark.witopia.net
ipsec.newyork.witopia.net
ipsec.phoenix.witopia.net
ipsec.portland.witopia.net
ipsec.redding.witopia.net
ipsec.sanfrancisco.witopia.net
ipsec.seattle.witopia.net
ipsec.washingtondc.witopia.net
Canada IPSec VPN Gateways
ipsec.montreal.witopia.net
ipsec.toronto.witopia.net
ipsec.vancouver.witopia.net
Central/South America IPSec VPN Gateways
ipsec.mexicocity.witopia.net
ipsec.saopaulo.witopia.net
Europe IPSec VPN Gateways
ipsec.amsterdam.witopia.net
IPSec.Barcelona.witopia.net
ipsec.berlin.witopia.net
ipsec.brussels.witopia.net
ipsec.bucharest.witopia.net
ipsec.copenhagen.witopia.net
ipsec.dublin.witopia.net
ipsec.frankfurt.witopia.net
ipsec.helsinki.witopia.net
ipsec.istanbul.witopia.net
ipsec.kiev.witopia.net
ipsec.kristiansand.witopia.net
ipsec.lisbon.witopia.net
ipsec.london.witopia.net
ipsec.luxembourg.witopia.net
ipsec.madrid.witopia.net
ipsec.valencia.witopia.net
ipsec.manchester.witopia.net
ipsec.milan.witopia.net
ipsec.moscow.witopia.net
ipsec.paris.witopia.net
ipsec.prague.witopia.net
ipsec.riga.witopia.net
ipsec.rome.witopia.net
ipsec.reykjavik.witopia.net
ipsec.stockholm.witopia.net
ipsec.vilnius.witopia.net
ipsec.warsaw.witopia.net
ipsec.zurich.witopia.net
Africa/Middle East IPSec VPN Gateways
ipsec.jerusalem.witopia.net
ipsec.johannesburg.witopia.net
Asia IPSec VPN Gateways
ipsec.bangkok.witopia.net
ipsec.hanoi.witopia.net
ipsec.hongkong.witopia.net
ipsec.kualalumpur.witopia.net
ipsec.newdelhi.witopia.net
ipsec.singapore.witopia.net
ipsec.seoul.witopia.net
ipsec.tokyo.witopia.net
Oceania IPSec VPN Gateways
ipsec.sydney.witopia.net
ipsec.auckland.witopia.net
ipsec.melbourne.witopia.net
Configuring IPsec VPN client on Apple OS X
There are three steps to connect an Apple OS X computer to your company network through an IPsec VPN and authenticate with an SSL certificate:
- Configure the IPsec VPN server in Kerio Control.
- Create an SSL certificate and import the certificate to Keychain Access.
- Configure the VPN client as L2TP over IPsec.
To configure Kerio Control Server:
- Setup IPsec VPN server to use certificates issued by a Local Certification Authority. For more information refer to Configuring IPsec VPN Server.
- Go to Definitions > SSL Certificates.
- Click Add > New Certificate and create a new certificate for VPN clients.
IMPORTANT
Do not use IP address instead of the Kerio Control hostname.
- Click Apply in the SSL Certificates section.
- Export this certificate in the PKCS#12 format.
SSL certificates section
- In the Export Certificate in PKCS#12 Format dialog, use a password without national characters.
- Check Include all certificates in the certification path if possible; Kerio Control then exports all higher certificates, including the certification authority.
- Click OK.
To import the SSL certificate to the Keychain Access utility in your Apple OS X:
- Go to Applications > Utilities > Keychain Access.
- Switch view to System keychain and unlock the keychain.
IMPORTANT
Do not confuse the keychains. The default Login keychain is the wrong one in this case.
- Drag the PKCS#12 file and drop it onto the System keychain. Keychain Access then shows at least two Kerio Control entries: one or more certificates (blue certificate icon) and the Certification Authority (gold certificate icon).
- Locate the imported Certification Authority (CA) in the System keychain.
- Set the CA trust properties to Always trusted.
- Locate the imported certificate and ensure the certificate is trusted.
Procedure for Mac OS X 7 and newer:
Keychain access configuration
- In the System keychain, go to My Certificates.
- Find your certificate and click the small arrow next to it; a private key appears.
- Double-click the private key and go to Access Control.
- Click the + icon and add the following executable to the list: /usr/sbin/racoon
NOTE
If you don't see the /usr folder when browsing for the executable, use Show hidden files. The shortcut is cmd-shift-. (cmd-shift-dot).
- Click Open.
Keychain Access uses your SSL certificate.
You must create a VPN connection based on L2TP over IPsec:
- Go to System Preferences > Network.
- In the Network dialog, click the + icon and add VPN.
- Select the L2TP over IPsec mode.
Creating VPN client
- Type the hostname of Kerio Control in Server Address and your Kerio Control username in Account Name.
IMPORTANT
Do not use IP address instead of the Kerio Control hostname.
Selecting authentication settings
- Click Authentication Settings.
- Set user authentication by password and type your Kerio Control's password. MS-CHAPv2 might be needed.
Selecting the certificate for authentication
- Set Machine Authentication by a certificate, click Select and select the certificate from the previous step.
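The export and Server Address steps above can be checked before the PKCS#12 file is imported. The script below is an added example, not part of the original instructions or of Kerio's tooling: it confirms that the bundle contains the CA chain and that the certificate was issued for the hostname you will type into Server Address, not an IP address. It assumes the OpenSSL command-line tool (1.0.2 or later, for `-checkhost`); the function names and the `P12_PASS` variable are made up for this example.

```shell
#!/bin/sh
# Added example (not from the original page): pre-import checks for the exported bundle.
# Usage: P12_PASS=... check_p12 bundle.p12 vpn.example.test   (constructed hostname)

# True when the argument is an IPv4/IPv6 literal rather than a DNS hostname.
is_ip_literal() {
  case "$1" in
    *:*) return 0 ;;            # colons only occur in IPv6 literals
    ''|*[!0-9.]*) return 1 ;;   # empty, or has a non-digit/non-dot character
    *) return 0 ;;              # digits and dots only
  esac
}

# Body runs in a subshell so "exit" only leaves the check and the temp dir is removed.
check_p12() (
  p12=$1 host=$2
  if is_ip_literal "$host"; then
    echo "FAIL: Server Address must be the hostname, not an IP address"; exit 1
  fi
  tmp=$(mktemp -d) || exit 2
  trap 'rm -rf "$tmp"' EXIT
  # -clcerts: the certificate that pairs with the private key; -cacerts: the rest.
  openssl pkcs12 -in "$p12" -passin env:P12_PASS -nokeys -clcerts \
      -out "$tmp/leaf.pem" 2>/dev/null ||
    { echo "FAIL: cannot read bundle (password or encryption type)"; exit 1; }
  openssl pkcs12 -in "$p12" -passin env:P12_PASS -nokeys -cacerts \
      -out "$tmp/ca.pem" 2>/dev/null || :
  grep -q 'BEGIN CERTIFICATE' "$tmp/ca.pem" 2>/dev/null ||
    { echo "FAIL: no CA in bundle; re-export with the certification path"; exit 1; }
  openssl verify -CAfile "$tmp/ca.pem" "$tmp/leaf.pem" >/dev/null 2>&1 ||
    { echo "FAIL: certificate does not chain to the bundled CA"; exit 1; }
  # -checkhost prints "does match" or "does NOT match" and exits 0 either way.
  openssl x509 -in "$tmp/leaf.pem" -noout -checkhost "$host" |
    grep -q 'does match' ||
    { echo "FAIL: certificate was not issued for $host"; exit 1; }
  echo "OK: bundle has a CA chain and a certificate for $host"
)
```

Reading the password from the environment keeps it out of the process list, which a command-line argument would not.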