How to establish VPN connection from macOS/iOS/Windows to Vigor3900 via IKEv2 EAP

IKEv2 is the successor to IKEv1 and improves on it in several ways. It is more stable, more secure and establishes connections faster. It supports newer and more complex ciphers, which makes the connection more secure, and because it uses a new connection process and discards PPP, it establishes connections faster.

Vigor3900 supports IKEv2 with EAP authentication since firmware version 1.4.0. VPN connection security is enhanced by username/password authentication and certificate verification. This article demonstrates an IKEv2 EAP connection between Vigor3900 and the native VPN clients on macOS, iOS and Windows.

Set up Vigor3900

  1. Go to Certificate Management >> Trusted CA page, and click Build RootCA
  2. Enter CA information and select 2048 as Key Size
  3. Enter Passphrase to sign local certificate and click Apply

  4. Click Download to export the Root CA to import to VPN client

  5. Go to Certificate Management >> Local Certificate page, and click Generate

  6. Select Domain Name as ID Type and enter domain of router as ID Value

  7. Enter certificate information and enter domain of router as Common Name (CN)

  8. Select 2048 as Key Size and Enable Self Sign

  9. Enter Root CA Key Passphrase and click Apply

  10. Go to User Management >> User Profile page, and click Add

  11. Enable the profile and enter Username and Password

  12. Enable Xauth/EAP


  13. Go to VPN and Remote Access >> VPN Profiles >> IPsec tab, and click Add

  14. Give a Profile name and enable the profile

  15. Enable For Remote Dial-In User

  16. Enter router LAN network in Local IP / Subnet Mask

  17. Select IKEv2 as IKE Protocol

  18. Select RSA as Auth Type and the certificate created in previous steps as Local Certificate


Connecting from macOS

Import the router's RootCA, created in the previous steps, to the macOS device with the following steps:

  1. Open Keychain Access, drag the certificate file to the Keychain Access window to import it
  2. Select Always Trust for Extensible Authentication (EAP) and IP Security (IPsec)

Go to Network settings and click '+'

Select VPN as Interface

Select IKEv2 as VPN Type


Enter the domain of router as Server Address and Remote ID


Click Authentication Settings...

Select Username and enter Username and Password


Click Connect, and check VPN status after successful connection


Connecting from iOS

Import the router's RootCA, created in the previous steps, to the iOS device with the following steps:

  1. Tap the RootCA file
  2. Tap Install
  3. Make sure the RootCA has been verified, then tap Done

Go to General >> VPN page, and tap Add Configuration

Select IKEv2 as Type

Enter domain of router as Server and Remote ID

Enter Username and Password


Switch on the VPN


Then we can check the VPN status after successful connection


Connecting from Windows

Import the router's RootCA with the following steps:

  1. Double click the certificate file
  2. Click Install Certificate...
  3. Follow the steps to finish the certificate installation

Go to Network and Internet Settings >> VPN, and click Add a VPN connection

Select Windows (built-in) as VPN provider

Enter the domain of router as Server name or address

Select IKEv2 as VPN type

Enter User name and Password

Click Save


Click Connect to establish the VPN connection


Then we can check the VPN status after successful connection.
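
The Windows steps above can also be scripted. The following is an added example, not part of the original article or DrayTek's documentation; it checks the RootCA file before trusting it, and the file path, router domain and connection name are assumed placeholders.

```powershell
# Added example: scripted equivalent of the Windows client steps. Run in an elevated PowerShell.
# Assumed values (not from the article): file path, router domain, connection name.
$RootCaFile = 'C:\Temp\RootCA.crt'    # assumed location of the RootCA downloaded from the router
$RouterFqdn = 'vpn.example.com'       # placeholder: the domain entered as ID Value / Common Name (CN)
$VpnName    = 'Vigor3900-IKEv2'       # hypothetical connection name

# Inspect the file before trusting it: a root CA is self-signed and must be inside its validity period.
$cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($RootCaFile)
if ($cert.Subject -ne $cert.Issuer) {
    throw "Refusing to import: '$($cert.Subject)' is not self-signed, so it is not a root CA."
}
$now = Get-Date
if ($now -lt $cert.NotBefore -or $now -gt $cert.NotAfter) {
    throw "Refusing to import: certificate is valid only from $($cert.NotBefore) to $($cert.NotAfter)."
}
$bc = $cert.Extensions | Where-Object {
    $_ -is [System.Security.Cryptography.X509Certificates.X509BasicConstraintsExtension]
}
if (-not ($bc -and $bc.CertificateAuthority)) {
    Write-Warning 'Certificate does not carry a CA basic-constraints flag; confirm it is the router RootCA.'
}
# Compare this thumbprint with the RootCA shown on the router before continuing.
Write-Host "Importing $($cert.Subject), thumbprint $($cert.Thumbprint)"

# Windows validates the IKEv2 server certificate against the computer store, not the user store,
# so the RootCA goes into Local Machine > Trusted Root Certification Authorities.
Import-Certificate -FilePath $RootCaFile -CertStoreLocation 'Cert:\LocalMachine\Root' | Out-Null

# The server address must be the same domain that was set as CN / ID Value in the router certificate;
# connecting by IP address would fail certificate name validation.
if (-not (Get-VpnConnection -Name $VpnName -ErrorAction SilentlyContinue)) {
    Add-VpnConnection -Name $VpnName -ServerAddress $RouterFqdn -TunnelType Ikev2 `
        -AuthenticationMethod Eap -EncryptionLevel Required
}

# Show the resulting profile; the username and password are requested on first connect.
Get-VpnConnection -Name $VpnName |
    Format-List Name, ServerAddress, TunnelType, AuthenticationMethod, EncryptionLevel
```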
