48.4. Configuring Connections

  1. In IPSecuritas, open the "Connections", "Edit connections" menu.

  2. Create a new connection using the "New" button and give it a name (in this example Intra2net System).

  3. In the "General" menu, under "Remote IPSec Device" enter the DNS name of the remote side or if necessary the external IP address of the Intra2net system.

  4. On "Local Side", set "Endpoint Mode" to "Host" and enter the virtual IP that the Mac client should use for the VPN. Contrary to the field description, the IP is not optional, even if you selected "mode-cfg" in the configuration on the Intra2net system. The IP must be the same as specified there.

  5. On "Remote Side", set "Endpoint Mode" to "Network" and enter the address of the network behind the Intra2net system. The netmask is entered in CIDR notation; 24 (bit) corresponds to 255.255.255.0.

  6. From the "Phase 1" menu, it is possible to configure the encryption parameters for phase 1. These must match the encryption profile selected on the Intra2net system.

    For the default settings, set the "DH Group" to 1536 (5), "Encryption" to AES 192 and "Authentication" to SHA-256.

  7. From the "Phase 2" menu, it is possible to configure the encryption parameters for phase 2. These must match the encryption profile selected on the Intra2net system.

    For the default settings, set the "PFS Group" to "1536 (5)" and activate only the AES encryption methods under "Encryption". Under "Authentication" enable "HMAC SHA-256" only.

  8. In the "ID" menu, under "Local Identifier" and "Remote Identifier", set "Certificate" for each item. Select "Certificates" as the "Authentication Method" and enter the two previously imported certificates.

  9. In the "DNS" menu it is possible to have a specific domain resolved by a server in the VPN (e.g. the Intra2net system).

  10. In the "Options" menu, set the various options as shown here.

  11. The connection can now be established in the main window by clicking "Start".
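
A pre-flight comparison of the values entered in steps 4 to 7 against the server-side settings, as an added example that is not part of the original manual or of either product. The dictionary layout, function names, addresses and the non-default option labels are assumptions constructed for illustration; the phase 1 and phase 2 defaults are the ones named above.

```python
import ipaddress

def to_cidr(address, netmask):
    """Network in CIDR form as entered in step 5; netmask may be dotted or a bit count."""
    # strict=True raises ValueError if a host address is given instead of the network address
    return str(ipaddress.ip_network(f"{address}/{netmask}", strict=True))

def check_client(client, server):
    """Return a list of mismatches between the client entries and the server side."""
    problems = []
    # Step 4: the virtual IP is mandatory and must be the one configured on the server.
    if not client.get("virtual_ip"):
        problems.append("virtual IP is empty")
    elif ipaddress.ip_address(client["virtual_ip"]) != ipaddress.ip_address(server["virtual_ip"]):
        problems.append("virtual IP differs from server")
    # Step 5: the remote network must be the network behind the server, in CIDR notation.
    expected = to_cidr(server["network"], server["netmask"])
    if client["remote_network"] != expected:
        problems.append(f"remote network should be {expected}")
    # Step 6: every phase 1 value must equal the server's encryption profile.
    for key, want in server["phase1"].items():
        if client["phase1"].get(key) != want:
            problems.append(f"phase 1 {key} should be {want}")
    # Step 7 (default profile): matching PFS group, AES ciphers only, HMAC SHA-256 only.
    p2 = client["phase2"]
    if p2["pfs_group"] != server["phase2"]["pfs_group"]:
        problems.append("phase 2 PFS group differs from server")
    if not p2["encryption"] or any(not e.startswith("AES") for e in p2["encryption"]):
        problems.append("phase 2 encryption must be AES only")
    if set(p2["authentication"]) != {"HMAC SHA-256"}:
        problems.append("phase 2 authentication must be HMAC SHA-256 only")
    return problems

# Constructed sample values; addresses are placeholders, crypto values are the page's defaults.
SERVER = {"virtual_ip": "192.168.99.10", "network": "192.168.1.0", "netmask": "255.255.255.0",
          "phase1": {"dh_group": 5, "encryption": "AES 192", "authentication": "SHA-256"},
          "phase2": {"pfs_group": 5}}
CLIENT_OK = {"virtual_ip": "192.168.99.10", "remote_network": "192.168.1.0/24",
             "phase1": {"dh_group": 5, "encryption": "AES 192", "authentication": "SHA-256"},
             "phase2": {"pfs_group": 5, "encryption": ["AES 128", "AES 256"],
                        "authentication": ["HMAC SHA-256"]}}
CLIENT_BAD = {"virtual_ip": "", "remote_network": "192.168.1.0/16",
              "phase1": {"dh_group": 2, "encryption": "AES 192", "authentication": "SHA-256"},
              "phase2": {"pfs_group": 5, "encryption": ["AES 128", "3DES"],
                         "authentication": ["HMAC SHA-256", "HMAC SHA-1"]}}

if __name__ == "__main__":
    for name, cfg in (("ok", CLIENT_OK), ("bad", CLIENT_BAD)):
        print(name, check_client(cfg, SERVER))
```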