Apple Devices (MacOS and iOS) provide a means to greatly simplify and control the installation of IKEv2 connections. An XML file is copied to the device and opened, causing the certificates to be installed and the connection created. Settings such as auto-connect on cellular or auto-connect on Wi-Fi, etc. can be configured. Similarly, a simple PowerShell script on Windows can install certificates, create a VPN connection, and choose more secure ciphers in a much more user-friendly way than manually performing these steps. I would like to request that the IPFire Roadwarrior IPSec WUI be enhanced to include the creation of these files/scripts (which could be downloaded via a similar link to the current certificate link). I think that this would be a major improvement for ease of use, and a good way to attract new users to IPFire. IKEv2 is built-in to Windows, MacOS, and iOS at this point, and is preferable to OpenVPN.
I would really like this, too. I would offer to do the iOS stuff here if someone could send me a template profile created with the Apple Configurator (I don't have a Mac to run that). But I have no idea how to do the Windows stuff. Does anyone have experience with that?
Michael: For Windows, here is the information I had dug up. After I had figured this out on my own, I found Algo, which takes all of the same stuff and puts it in a pretty wrapper (PowerShell script).

Import Certificate: https://docs.microsoft.com/en-us/windows-server/administration/windows-commands/certutil
Add/Configure VPN Connection: https://docs.microsoft.com/en-us/powershell/module/vpnclient/?view=win10-ps

To add a VPN Connection:

1.) Import the cert:
certutil -f -importpfx <filename>

2.) Add the connection:
Add-VpnConnection -name "MyVPN" -ServerAddress "xxx.xxx.xxx.xxx" -TunnelType IKEv2 -AuthenticationMethod MachineCertificate -EncryptionLevel Required

3.) Configure the connection:
Set-VpnConnectionIPsecConfiguration -ConnectionName "MyVPN" -AuthenticationTransformConstants GCMAES128 -CipherTransformConstants GCMAES128 -EncryptionMethod AES128 -IntegrityCheckMethod SHA384 -DHGroup ECP256 -PfsGroup ECP256 -Force

To remove the same connection:

1.) Remove-VpnConnection -name "MyVPN" -Force

The above is information I worked out on my own. I don't personally think any of the output files from Algo are covered by a license, but I didn't want to put any of that up here without checking first.

For Apple, I will download the configurator when I have my Mac in front of me again, but here are two good links, one of which includes a sample file:
https://developer.apple.com/library/content/featuredarticles/iPhoneConfigurationProfileRef/Introduction/Introduction.html
https://hub.zhovner.com/geek/universal-ikev2-server-configuration/
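
Added example (not part of the thread and not IPFire code): a sketch of how a generator could emit the Apple .mobileconfig discussed here, with a PKCS#12 payload linked to an IKEv2 payload that uses the same AES-128-GCM / SHA-384 / ECP256 choices as the Windows commands above. The function name, the org_id identifier and all sample values are hypothetical; the key names are the ones documented in Apple's configuration profile reference.

```python
import plistlib
import uuid

# AES-128-GCM / SHA-384 / DH group 19 (ECP256), matching the Windows settings above.
SA_PARAMS = {"EncryptionAlgorithm": "AES-128-GCM",
             "IntegrityAlgorithm": "SHA2-384",
             "DiffieHellmanGroup": 19}


def _uuid():
    return str(uuid.uuid4()).upper()


def build_mobileconfig(name, server, local_id, p12_bytes, p12_password=None,
                       on_demand=False, org_id="org.example.vpn"):
    """Return XML .mobileconfig bytes: a PKCS#12 payload plus an IKEv2 payload."""
    cert = {"PayloadType": "com.apple.security.pkcs12", "PayloadVersion": 1,
            "PayloadIdentifier": org_id + ".cert", "PayloadUUID": _uuid(),
            "PayloadDisplayName": name + " client certificate",
            "PayloadContent": p12_bytes}  # bytes are serialized as <data>
    if p12_password is not None:
        # Stored in clear text in the profile; leave unset so the device prompts.
        cert["Password"] = p12_password
    ikev2 = {"RemoteAddress": server, "RemoteIdentifier": server,
             "LocalIdentifier": local_id,
             "AuthenticationMethod": "Certificate",
             "PayloadCertificateUUID": cert["PayloadUUID"],  # links to cert payload
             "EnablePFS": True,
             "IKESecurityAssociationParameters": dict(SA_PARAMS),
             "ChildSecurityAssociationParameters": dict(SA_PARAMS)}
    if on_demand:
        # Auto-connect on Wi-Fi and cellular, as the request describes.
        ikev2["OnDemandEnabled"] = 1
        ikev2["OnDemandRules"] = [
            {"InterfaceTypeMatch": "WiFi", "Action": "Connect"},
            {"InterfaceTypeMatch": "Cellular", "Action": "Connect"}]
    vpn = {"PayloadType": "com.apple.vpn.managed", "PayloadVersion": 1,
           "PayloadIdentifier": org_id + ".vpn", "PayloadUUID": _uuid(),
           "PayloadDisplayName": name, "UserDefinedName": name,
           "VPNType": "IKEv2", "IKEv2": ikev2}
    profile = {"PayloadType": "Configuration", "PayloadVersion": 1,
               "PayloadIdentifier": org_id, "PayloadUUID": _uuid(),
               "PayloadDisplayName": name,
               "PayloadContent": [cert, vpn]}
    return plistlib.dumps(profile, fmt=plistlib.FMT_XML)
```

A profile built this way carries the client's private key, so it needs the same handling as the .p12 download itself; if p12_password is supplied it sits in the file unencrypted.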
After re-reading your comment, Michael, I wanted to point out that the Apple Mobileconfig files work for both MacOS and iOS, not just iOS.

Tom
(In reply to Tom Rymes from comment #3)
> After re-reading your comment, Michael, I wanted to point out that the Apple
> Mobileconfig files work for both MacOS and iOS, not just iOS.
>
> Tom

That's amazing. I wish other OSes had such a nice way to do this.
What is the status of this bug?