How to establish VPN connection from macOS/iOS/Windows to Vigor router via IKEv2 EAP

Modify from the previous version IKEv1, IKEv2 is a new VPN protocol and has lots of improvements than the former. It is more stable, more secure and faster connection establishing speed. Support newer and more complicated secure ciphers to make the connection more secure. Using new connection progress and discard the PPP, IKEv2 provides the faster establishing speed.

Vigor routers supports IKEv2 with EAP authentication since firmware version 3.9.0 or later. VPN connection security is enhanced by username/password authentication and certificate verification. This article is going to demonstrate IKEv2 with EAP connection between Vigor Router and macOS/iOS/Windows native VPN client.

Set Up Vigor Router

1. Go to Certificate Management >> Trust CA Certificate page, and click Create.

create rootCA    

2. Enter certificate information and select 2048 Bit Key Size

3. Click Generate

rootCA info    

4. Click Export to download the RootCA

export rootCA    

5. Go to Certificate Management >> Local Certificate page, and click Generate

6. Select Domain name as Type under Subject Alternative Name

7. Enter router's domain of router as Domain name

8. Enter certificate information and domain of router as Common Name(CN)

create local cert    

9. Select 2048 Bit Key Size and click Generate
10. Click Sign

self sign    

11. Select valid date and click Sign

local cert sign    

12. Go to VPN and Remote Access >> IPsec General Setup page, select the local certificate created in the previous steps as Certificate for Dial-in

ipsec cert setting    

Go to VPN and Remote Access >> Remote Dial-in User page, click an available index

Enable the account and enable IKEv2 EAP

Give Username and Password, then click OK

vpn setting    

Connecting from macOS

1. Import RootCA of router created in the previous steps to macOS device by following steps,

  1. Open Keychain Access, drag the certificate file to the Keychain Access windows to import it
  2. Select Always Trust as Extensible Authentication (EAP) and IP Security (IPsec)
mac import cert     mac cert usage    

2. Go to Network setting and click ' + '

3. Select VPN as Interface

4. Select IKEv2 as VPN Type

add mac vpn setting    

5. Enter the domain of router as Server Address and Remote ID

mac server setting    

6. Click Authentication Settings...

7. Select Username and enter Username and Password

mac authentication setting    

Click Connect, and check VPN status after successful connection

mac connected    

Connecting from iOS

1. Import RootCA of router created in the previous steps to iOS device by following steps,

  1. Tab the RootCA file
  2. Tab Install
  3. Make sure the RootCA has been verifyed then tab Done
ios import rootca     ios cert install     ios cert done    

2. Go to General >> VPN page, and tab Add Configuration

3. Select IKEv2 as Type

4. Enter domain of router as Server and Remote ID

5. Enter Username and Password

ios vpn setting    

6. Switch on the VPN

ios turn on vpn    

Then we can check the VPN status after successful connection

ios vpn connected    

Connecting from Windows

1. Import RootCA by following steps

  1. Double click the certificate file
  2. Click Install Certificate...
  3. Follow the steps to finish the certificate installation
windows install cert    

2. Go to Network and Internet Settings >> VPN, and click Add a VPN connection

3. Select Window (build-in) as VPN provider

4. Enter the domain of router in as Server name or address

5. Select IKEv2 as VPN type

6. Enter User name and Password

7. Click Save

windows vpn setting    

8. Click Connect to establish the VPN connection

windows vpn connect    

Then we can check the VPN status after successful connection.

windows connected    
Was this article helpful?
15How to establish VPN connection from macOS/iOS/Windows to Vigor router via IKEv2 EAP has been viewed------ 15 ------times.