hwdsl2 / setup-ipsec-vpn

Scripts to build your own IPsec VPN server, with IPsec/L2TP, Cisco IPsec and IKEv2

How to add VPN as a "Personal VPN" in iOS with .mobileconfig? #1594

Closed Intenditore closed 2 months ago

Intenditore commented 2 months ago

That's not quite an issue, but rather a question. I've successfully set up VPN with your script, many thanks. But generated .mobileconfig adds VPN into a "VPN CONFIGURATIONS" section. But for my setup it's mandatory to add it as "PERSONAL VPN" so it can work together with another one. Here on the screenshot (found on internet) ![2024-08-16_21-14-05](https://github.com/user-attachments/assets/9b03b156-3b53-4478-bc29-ae6a312f08ec)

I studied the configuration reference, but didn't find a way to do this. I found Brooog IKEv2 app that can add IKEv2 VPN config in there, but it needs a username/password pair, a default VPN server connection config doesn't have a password though, and I'm not skilled enough to set it up properly.

Can you please suggest a solution?

hwdsl2 commented 2 months ago

@Intenditore Hello! For your use case, I understand that you want to add VPN profiles into the "personal VPN" section in iOS. Currently, this is not supported in this project. Here are some references [1] [2] from the web. It looks like this requires adding VPN configurations through certain iOS apps.

For IKEv2, this project currently supports certificate-based authentication, but not EAP (username/password).

[1] https://apple.stackexchange.com/q/180281
[2] https://developer.apple.com/documentation/networkextension/personal_vpn

Intenditore commented 2 months ago

> It looks like this requires adding VPN configurations through certain iOS apps.

Yes, and happily I have one. But it requires username + password + certificate combination. The way it's set up from the start there is only a .mobileconfig profile. Couldn't you please give me a bit of information on how to convert to username + password authentication method? Currently after initial setup I couldn't even find certificate .ca file anywhere on the server and got stuck 😐

hwdsl2 commented 2 months ago

@Intenditore This project does not currently support IKEv2 EAP authentication with username/password. It is a limitation in the Libreswan VPN software that this project uses, as that feature is not yet available. I would suggest that you look into alternative solutions for this use case.