Skip to main content
How TosIPsec

Connect to IKEv1 IPsec VPN on Mac, iPhone, iPad

By GabrielleAugust 18, 2023No Comments

VPN Tracker enables you to create a secure IKEv1 IPsec VPN connection to your VPN gateway so you can enjoy remote access to your network wherever you are.

VPN Tracker's custom IPsec VPN profile gives you the flexibility to configure your connection exactly as you need it. Follow these steps to create an IKEv1 connection on Mac, iPhone and iPad.

How to set up IPsec VPN

General IPsec configuration tips

If your VPN gateway’s manual has instructions for setting up a VPN connection, follow those. Otherwise, please follow these basic settings as closely as possible:

  • Choose Pre-shared Key as your authentication method and keep a note of the secure password you choose
  • Aggressive vs Main Mode: Both will work but for compatibility reasons, choose Aggressive Mode where possible
  • Choose fully qualified domain name (FQDN) identifiers where possible – with most devices, you can enter any identifier you want, it doesn’t have to be a valid domain name. Good choices would be:
    • Local identifier: vpngateway.local
    • Remote identifier: vpntracker.local
  • Phase 1 and Phase 2 settings: We recommend always opting for the strongest algorithms supported by your gateway. For example, VPN Tracker is compatible with AES up to AES-256 and supports Diffie Hellman up to group 18
  • Network access: Most devices will require you to configure the network your users will have access to via the VPN. Usually this will be the gateway's LAN network (e.g. 192.168.142.0/24)
  • Remote endpoint: Sometimes you will need to specify the address VPN clients will be using when connected through VPN. If possible, set this to “any address” or “dynamic” (some- times also referred to as “0.0.0.0/0”
    • If your VPN gateway requires a single address to be entered, this will mean that only one VPN client can use this VPN connection at a time. In this case, take the address you configure on the VPN gateway, and enter it in VPN Tracker as the Local Address

Set up IKEv1 IPsec VPN on your device

If you need support setting up a specific device, check out some of our device-specific IPsec configuration guides:

IPsec VPN must-haves

Before you start, make sure you have the following configuration information available for your gateway, as you will need to enter it into VPN Tracker.

You can find these values on the network overview page or VPN setup UI of your VPN gateway.

Needed for all IKEv1 connections:

  • The public IP address or host name (e.g. “203.0.113.48” or “vpn.example.com”) of the VPN gateway you are connecting to
  • Your Pre-shared Key or certificate for the connection

You may also need:

  • Remote network address (if configuring split tunnelling for your VPN)
  • Local address (i.e. if your gateway only allows one VPN client at a time)
  • The local identifier (Some VPN gateways (e.g. Cisco) refer to the local identifier as “group name” or “group ID”)
  • A user login and password (i.e. if XAUTH user authentication has been enabled)
  • The settings for phase 1 and 2 (encryption algorithms, etc.)

Connect to your IPsec VPN in VPN Tracker

To start setting up IKEv1 IPsec VPN, first open the VPN Tracker IPsec Connection Creator:

VPN Tracker Connection Creator for IKEv1 IPsec

 

You can now begin filling out the configuration options for your connection.

VPN gateway address:

Enter the public IP address or hostname of the router, firewall, etc. you are connecting to via VPN:

 

Remote networks

By default, "Host to Network" is selected. This is the most appropriate network scenario for most setups and allows you to set up split tunneling and specify the network(s) you want to connect to via the VPN tunnel.

Enter the remote networks you wish to connect to and click the + to add more.

You can enter the addresses or networks in the following formats:

  • As a single address, e.g. "192.168.10.4",
  • as a single remote network, e.g. "192.168.10.0" (VPN Tracker will use the most typical subnet),
  • in CIDR notation, e.g. "192.168.10.0/24",
  • or with the full subnet, e.g. "192.168.10.0 / 255.255.255.0", which VPN Tracker will then convert to CIDR notation.

If required, you can enter a Local Address in the field provided (i.e. the remote endpoint mentioned in the configuration introduction.)

 

Authentication

Next, enter the Pre-shared Key you configured for the connection and save this in your Keychain:

 

Please note, this authentication method is selected by default. If your gateway uses certificates, please select this via the dropdown and upload the certificate files in the field provided.

 

XAUTH (optional)

Many gateways also require a user login and password - particularly if multiple users are connecting to the VPN. If your VPN gateway uses XAUTH, you can enter your login details in the field provided and save them in your Keychain:

 

Identifiers

Enter the remote identifier you configured on the VPN gateway as the local identifier in VPN Tracker (i.e. vpntracker.local) so that VPN Tracker can identify itself to the gateway when building the connection.

Please note, by default FQDN is selected as local identifier type. You can change this via the dropdown menu if your gateway has been configured differently.

 

DNS settings (optional)

If you have configured or are using a DNS server for your network, you can add these settings by checking the box "Use Remote DNS Server" – either by importing settings from your VPN gateway or entering them manually:

Configure DNS settings

Learn more about setting up DNS in VPN Tracker.

Configure additional IPsec settings

VPN Tracker also allows you to define custom advanced settings for IKEv1 IPsec connections. Switch to the Advanced tab to explore your configuration options:

Phase 1 and Phase 2 settings

By default, VPN Tracker chooses Aggressive Mode for Phase 1 negotiations. If you have configured your connection on your gateway using Main Mode, you can change this via the dropdown menu:

 

For Phase 1 and Phase 2, you also have the opportunity to select numerous encryption settings (i.e. encryption and authentication algorithms) for your connection:

The options you select here should exactly match up with the settings specified on your VPN gateway in order for the connection to work correctly.

Traffic Control

Use Traffic Control to customize your connections and determine exactly how much of your internet traffic is to be routed over the VPN. Set up split tunneling and exclude addresses from the VPN or set up connection-based rules.

Start using your new IPsec connection

As soon as you're finished configuring your new IKEv1 IPsec connection, save it in your VPN Tracker account using secure end-to-end encryption and enjoy easy remote access on your Mac, iPhone and iPad in VPN Tracker.

Why VPN Tracker?

Connecting to IPsec VPN? VPN Tracker is your best choice VPN client for Mac, iPhone and iPad. VPN Tracker's custom IPsec engine includes unbeatable support for all relevant IKE extensions, providing seamless compatibility with the most popular IPsec VPN gateways from Cisco, Fortinet, Zyxel, TP Link, Draytek, and more.

Your VPN Tracker benefits

  • Secure remote access to your company network, home office, and Smart Home - all in one app
  • Use your own VPN gateway
  • Ready-made profiles for 300+ VPN devices
  • Configuration wizard for a smooth and fast setup
  • For Mac, iPhone, iPad
  • Discover all features
connect to IPsec vpn on iOS
0 0 votes
Article Rating
Subscribe
Notify of
guest
0 Comments
Oldest
Newest Most Voted
Inline Feedback
View all comments
Privacy-Settings / Datenschutz-Einstellungen
0
Feedback or improvements? Let us know!x
()
x