When clients have dynamic IP address the MAIN mode requires the SAME PSK for all users, on the contrary AGGRESSIVE mode allows individual PSK. For this reason it is usually preferred in this situation.
This table show the parameters of iPhone/iPad native IPsec and their corresponding parameters in Abilis configuration.
Table 89.5. Checklist of parameters
The iPhone/iPad native IPsec parameter | Abilis IKE Table | Abilis IKE Table parameter |
---|---|---|
Server | HOST | LOC-IP |
Account | HOST | XAUTH-USER |
Password | HOST | XAUTH-PWD |
Group Name | HOST | KEY-ID |
Secret | PSK | KEY |
Suppose that Abilis is configured in the following way. Refer to Section 81.19.2, “How to configure a RAS using IPSEC VPN server with iPhone/iPad or Mac” for the configuration of IPsec and IKE resources.
[22:54:53] ABILIS_CPX:d ike host:0
------------------------------------------------------------------------------- HOST: NAME: LIFETIME: HASH: DPD: DPD-ACTION: LOCIP: NATT: MODE: MODE-CFG: DH: DPD-DELAY: REMIP: SIDE: AUTH: XAUTH: CIPHER: SA-TRY: DPD-TOUT: XAUTH-USER: XAUTH-PWD: -- PSK ID --------------------------------------------------------------- ID-TYPE: IP:/ID: PEER-ID-TYPE: PEER-IP:/PEER-ID: -- RSA Cert ------------------------------------------------------------- CERT-SEND: ASN1-DN: CERT-PEER: PEER-ASN1-DN: CERT-VERIFY: ------------------------------------------------------------------------------- 0 iOS_Aggressive 3600 SHA1 YES STOP 080.080.080.080 SYS AGGRESSIVE REQUEST MODP2048 30 * INSIDE PSK SERVER AES256 3 120 test ******** -- PSK ID --------------------------------------------------------------- LOCIP KEY-ID abilis ------------------------------------------------------------------------------- [22:54:53] ABILIS_CPX:d ike psk:1
------------------------------------------------------------------------------- PSK: KEY: PEER-ID-TYPE: PEER-IP:/PEER-ID: ------------------------------------------------------------------------------- 1 ******** KEY-ID abilis [22:54:53] ABILIS_CPX:d ike cli:
0 ------------------------------------------------------------------------------- CLI: NAME: LIFETIME: ESP: AH: HOST: NET-LOC: RULE: PASSIVE: PFS: ESP-AUTH: AH-AUTH: NET-REM: PERMANENT: TUNNEL: ESP-CIPHER: MODE-CFG-DNS: ------------------------------------------------------------------------------- 0 iOS_Aggressive 28800 YES NO 0 000.000.000.000/00 IPSEC YES NO SHA1 SHA1 172.031.101.006/32 YES YES AES256 008.008.008.008 -------------------------------------------------------------------------------
To configure an Apple iOS device for IPsec VPN connection with Abilis:
Click the Settings icon on your iOS device.
Then click General:
Click VPN:
Now click Add VPN Configuration:
Click Type and then select IPSec:
Now enter the configuration parameters:
Click Done in the upper-right corner and you should now see this screen:
Click the Not Connected slider button and wait for it say Connected. The VPN icon appears in the status bar to indicate that the connection is successful.
In the future, you can turn the VPN on/off very quickly by simply going to Settings > VPN and toggling the slider button.