Phone Lines icon GFI Support Home Sign in
Start a conversation
  1. GFI Support
  2. GFI Support - Kerio Control VPN
  3. Articles

Configuring IPsec VPN client on Apple OS X

Overview 

There are three steps to connect Apple OS X computer to your company network through IPsec VPN and authenticate with an SSL certificate:

Step-By-Step Guide

Step 1: Configuring Kerio Control

  1. Setup IPsec VPN server to use certificates issued by a Local Certification Authority. For more information refer to Configuring IPsec VPN Server.
  2. Go to Definitions > SSL Certificates.

  3. Click Add > New Certificate and create a new certificate for VPN clients.

    NOTE

    Do not use IP address instead of the Kerio Control hostname.

  4. Click Apply in the SSL Certificates section.
  5. Export this certificate in the PKCS#12 format.

  1. In the Export Certificate in PKCS#12 Format dialog, use a password without national characters.
  2. Check Include all certificates in the certification path if possible and Kerio Control exports all higher certificates including the certification authority.
  3. Click OK.

Step 2: Importing the certificate

  1. Go to Applications > Utilities > Keychain Access.
  2. Switch view to System keychain and unlock the keychain.

    NOTE

    Do not confuse keychains. Default Login keychain is unwanted in this case.

  3. Drag the PKCS#12 file, drop it to the System keychain. There are at least two Kerio Control certificates — one or more certificates (blue certificate icon) and Certification Authority (gold certificate icon) in the Keychain Access.
  4. Locate the imported Certification Authority (CA) in the System keychain.
  5. Set the CA trust properties to Always trusted.
  6. Locate the imported certificate and ensure the certificate is trusted.

Procedure for Mac OS X 7 and newer:

  1. In the System keychain, go to My Certificates.
  2. Find your certificate and click the small arrow and a private key appears.
  3. Double-click the private key and go to Access Control.
  4. Click the + icon and add the following executable to the list: /usr/sbin/racoon

    NOTE

    If you don't see the /usr folder when browsing for the executable, use the Show hidden files.

    The shortcut is cmd-shift-. (cmd-shift-dot).

  5. Click Open.

Keychain Access uses your SSL certificate.

Step 3: Creating VPN client on Apple OS X computer

  1. Go to System Preferences > Network.
  2. In the Network dialog, click the + icon and add VPN.
  3. Select the L2TP over IPsec mode.

  1. Type a hostname of Kerio Control to Server Address and your Control's username to Account Name.

    NOTE

    Do not use IP address instead of the Kerio Control hostname.

  2. Click Authentication Settings.
  3. Set user authentication by password and type your Kerio Control's password. MS-CHAPv2 might be needed.

  1. Set Machine Authentication by a certificate, click Select and select the certificate from the previous step.

Confirmation

The Apple OS x device is now connected via IPSEC VPN.

Choose files or drag and drop files
Was this article helpful?
Yes
No

  1. Priyanka Bhotika

  2. Posted
  3. Updated

Comments