This is part 2 of How-to setup an IPSec VPN from an Os X Client (or Server)
IP Securitas Connections settings
Download and install IP Securitas.
Make a new connections. Name it as you want. here will name it CISCO for the test
- Remote IPSec Device: enter you WAN IP Address
- Local Side Endpoint mode : Choose Host, and you can leave it blank.
Note if you have trouble (when you are connected, you could manually add one IP here like your current LAN IP, the one from the computer you configuring IPSecuritas)
- Remote Side endpoint : choose Network, and enter remote LAN range (here 192.168.1.0/24)
Important note : this is basic for VPN settings but if you don’t know it, you can be mad. you current local LAN range MUST be different from the remote LAN range IPs. meaning your computer must be on a range like 192.168.0.x/24, or 192.168.2.x/24 and above. If both are on the same subnet range it will simply fail.
Phase 1 tab
- here you’ll fill with IKE settings.
Phase 2 tab
- here you’ll fill with VPN policy settings
the tricky part with local vs remote IDs
- Local Identifier : ciscoremote.com
- Remote Identifier : ciscolocal.com
Note : you reverse IDs. this is simple logic as you now are the remote part considering the Netgear.
- Authentication Method : Pre-shared Key, and fill in “secretkey” (the preshared key you’ve entered in the IKE settings).
While not mandatory, I always prefer to fill in DNS settings for Domains and Servers Addresses.
So fill in accordingly to your Remote LAN settings if you chose so.
Note that if, like me the DHCP (and DNS) are not handled by the Netgear routeur but rather by your (Mac Os X ) Server, then you definitly want to fill in the info here.
Well here settings may differ and you can then do with trial and errors and check at the IP Securitas logs. Anyway here are the settings working for me with this Netgear.
I also choosed to Enable NAT-Translation.
Save your config.
You should now be ready to connect and enjoy your VPN connection.
You also should be able to do Command-K in the finder, choose your server dns name and access your shares.
In my case, once all is ok, it takes less that 3-5 seconds to get a green dot (VPN connection up and running).
Final notes :
- In case of trouble the IP Securitas log is quite helpfull.
- Those settings are based on older settings I made with another Netgear FVS338G The routeur just died as did a previous FVS124G, so we choose this CISCO. So far so good.