47.4. Configuring Connections

  1. In IPSecuritas, open the Connections > Edit connections menu.

  2. Create a new connection using the New button and give it a name (in this example Intra2net System).

  3. In the General menu, under Remote IPSec Device, enter the DNS name of the remote side or, if necessary, the external IP address of the Intra2net system.

  4. On Local Side, set Endpoint Mode to Host and enter the virtual IP that the Mac client should use for the VPN. Contrary to the field description, the IP is not optional, even if you selected mode-cfg in the configuration on the Intra2net system. The IP must be the same as specified there.

  5. On Remote Side, set Endpoint Mode to Network and enter the address of the network behind the Intra2net system. The netmask is entered in CIDR notation; 24 (bit) corresponds to 255.255.255.0.

  6. In the Phase 1 menu, configure the encryption parameters for phase 1. These must match the encryption profile selected on the Intra2net system.

    For the default settings, set the DH Group to 1536 (5), Encryption to AES 192 and Authentication to SHA-256.

  7. In the Phase 2 menu, configure the encryption parameters for phase 2. These must match the encryption profile selected on the Intra2net system.

    For the default settings, set the PFS Group to 1536 (5) and activate only the AES encryption methods under Encryption. Under Authentication, enable HMAC SHA-256 only.

  8. In the ID menu, under Local Identifier and Remote Identifier, set Certificate for each item. Select Certificates as the Authentication Method and enter the two previously imported certificates.

  9. In the DNS menu, you can have a specific domain resolved by a server in the VPN (e.g. the Intra2net system).

  10. In the Options menu, set the various options as shown here.

  11. The connection can now be established in the main window by clicking Start.
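
A pre-flight check of the values from steps 4 to 7, given as an added example that is not part of the original documentation or of IPSecuritas or the Intra2net system: it compares what is entered on the Mac with the server-side settings and lists every mismatch. The dictionary keys, the addresses and the phase 2 AES labels are constructed assumptions.

```python
import ipaddress
import re

# IKE MODP group numbers and sizes in bits (RFC 2409, RFC 3526).
MODP_BITS = {1: 768, 2: 1024, 5: 1536, 14: 2048, 15: 3072, 16: 4096}

def dh_group(label):
    """Turn a GUI label such as '1536 (5)' into the IKE group number."""
    m = re.fullmatch(r"\s*(\d+)\s*\((\d+)\)\s*", label)
    if not m or MODP_BITS.get(int(m.group(2))) != int(m.group(1)):
        raise ValueError(f"unrecognised DH group label: {label!r}")
    return int(m.group(2))

def check_connection(client, server):
    """Return a list of mismatches between client entries and the server side."""
    problems = []
    # Step 4: the virtual IP is mandatory and must equal the server-side value.
    if not client.get("virtual_ip"):
        problems.append("virtual IP missing")
    elif ipaddress.ip_address(client["virtual_ip"]) != ipaddress.ip_address(server["virtual_ip"]):
        problems.append("virtual IP differs from server configuration")
    # Step 5: network address plus CIDR prefix; host bits must be zero.
    try:
        net = ipaddress.ip_network(f'{client["remote_net"]}/{client["prefix"]}')
        if net != ipaddress.ip_network(server["lan"]):
            problems.append(f"remote network {net} differs from server LAN")
    except ValueError as exc:
        problems.append(f"remote network invalid: {exc}")
    # Steps 6 and 7: every proposal field must match the encryption profile.
    for key in ("p1_dh", "p1_enc", "p1_auth", "p2_pfs", "p2_enc", "p2_auth"):
        mine, theirs = client[key], server[key]
        if key in ("p1_dh", "p2_pfs"):
            mine, theirs = dh_group(mine), dh_group(theirs)
        if mine != theirs:
            problems.append(f"{key}: client {client[key]!r} != server {server[key]!r}")
    return problems

# Constructed sample: the defaults from steps 6 and 7 with made-up addresses.
SERVER = {"virtual_ip": "192.168.99.10", "lan": "192.168.1.0/24",
          "p1_dh": "1536 (5)", "p1_enc": "AES 192", "p1_auth": "SHA-256",
          "p2_pfs": "1536 (5)", "p2_enc": {"AES 128", "AES 192", "AES 256"},
          "p2_auth": {"HMAC SHA-256"}}
GOOD = dict(SERVER, remote_net="192.168.1.0", prefix=24)
BAD = dict(GOOD, virtual_ip="", prefix=16, p2_auth={"HMAC SHA-256", "HMAC SHA-1"})

if __name__ == "__main__":
    for name, cfg in (("good", GOOD), ("bad", BAD)):
        print(name, check_connection(cfg, SERVER) or "ok")
```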