Login to the admin portal, then on the bottom left select “Certificates”. To setup the IPsec server in Sophos XG first we need to make 2 certificates. I am using Sophos XG v18 with a Home license, backed by AD running on a Dell Optiplex for this guide (dont worry it as a cool Intel Nic in it). If anyone gets it to work with your own let me know. There are some posts on the Apple support forums from Apple engineers saying the root CA has to be in already on the device. iOS and macOS will NOT check your certificate store for your VPN endpoint (Sophos XG) certificate, it HAS to ship with the firmware or you will get the fantastic and descriptive “Could not validate the server certificate.” Also believe it or not, that is one of the most descriptive errors you will get here. Also up front, to save you a few days of trying things. You can not use a pre-shared key/password. Apple has 1 big requirement for them, you have to use certificate based auth. This allows you to run services at home, and to users (your mom or cat or whomever) it looks like just another website. On-Demand VPN gives you the ability to set certain websites or IPs, and when your phone or laptop attempts to connect, the machine silently brings a IPsec tunnel online and uses it for that traffic. Sophos agrees and uses that capitalization, while Cisco and depending on which web page you are on for Microsoft may call it IPSEC or IPSec or IPsec.
That is what the original RFC called it, what the original working group was called, and the capitalization they used. If you have any questions, thoughts, or success stories please comment below!įun fact: I will be calling the protocol IPsec here. Then I will talk about the crazy and painful road I went down before finding 1, just 1, set of settings that seem to work. I will start with the settings you need to get it working, since a lot of people just want that. Little did I know the world of hurt I was entering. While I could setup a L2TP or SSL VPN and connect whenever I wanted to use these services, I thought I would give On-Demand VPN via a iOS/macOS configuration a try. Having a small home lab I wanted to be able to setup internal services, and then on the go be able to access them.
0 kommentar(er)
