This document describes how to set up an IKEv2 VPN connection between a LANCOM router and the Apple iPhone or iPad client.
- LCOS version 9.24 or later (download)
- LANtools version 9.24 or later (download)
- iOS as of version 8 or later
1) Configuring the LANCOM router:
1.1) Start the Setup Wizard in LANconfig.
1.2) Select the item Provide remote access (RAS, VPN).
1.3) In the next dialog you select the option IKEv2.
1.4) Select the LANCOM Advanced VPN Client for Windows as the VPN client and deactivate the option Speed up configuration with 1-Click-VPN.
1.5) Enter the name for the VPN connection here (e.g. VPN_IPHONE).
1.6) Enter the public IP address or public DNS address of the LANCOM router.
1.7) Assign any fully qualified username in the form of an e-mail address and specify a pre-shared key.
1.8) Here you specify the local IP address to be allocated to the Apple device for its VPN connection.
1.9) The following item optionally allows you to limit the access of the Apple device VPN client to certain networks.
1.10) Deactivate the option to Store profile as LANCOM Advanced VPN Client import file.
1.11) This completes the initial configuration with the Wizard. Close the final dialog window by clicking on Finish.
1.12. Open the configuration of the LANCOM router and change to the menu VPN -> IKEv2/IPSec -> Encryption.
Copy the existing DEFAULT profile.
1.13. Enter a new name for the entry and deactivate the PFS.
1.14. Open the connection profile for the VPN connection in the menu VPN -> IKEv2/IPSec -> Connection list.
1.15. For encryption, select the step in step 1.13. created encryption profile.
1.16. Write the configuration back to the LANCOM router.
2) Configuration of the Apple iPhone or iPad:
2.1) Under the VPN setting, select the item VPN and click VPN configuration.
- Give the connection a unique description; in our example we have taken LANCOM.
- As Server enter the WAN IP address or the domain of the LANCOM router. The LANCOM router must be accessible from the WAN at this address.
The next step is to enter the Fully Qualified Username, which was entered into the LANCOM earlier as local identity and remote identity; in our example, this is firstname.lastname@example.org.
2.3) The final item in the configuration is to enter the Shared secret, which was specified in the LANCOM as the preshared key.
2.4) Save the configuration with Done.