iPhone / MAC IPSec VPN einrichten

Deutsch (english below)

Guten Tag

Ich möchte auf dem iPhone bzw. MAC mit den eigenen Systemmittel einen VPN in unsere Firma ermöglichen. Dazu nutze ich die Anleitung unter https://vimeo.com/152186410. Diese ist nur ab Firewall aber nicht ab Router.

Welche Ports müssen vom Router des Internetanbieters zur Firewall freigegeben werden damit dies funktioniert?

Was ist zu beachten, dass die Verbindung klappt?

In diesem Zug, an der Firewall kommt auf Port 2 eingehend 192.168.33.2 an. Kann man dies irgendwie umbiegen, dass bei der automatischen Konfiguration über das Apple-File direkt die extene IP-Adresse oder der Hostname kommt?

Danke iim Voraus für die Hilfe.

Freundliche Grüsse

Gian Duri Calonder

English (German above)

Hello

I wanna enable the VPN over Systemintegrated Tools for iPhone and MAC-Clients. I followed this Instruction: https://vimeo.com/152186410.

The Instrucion only show if the Firewall directly at the Ketwork from the Provider.

What Port's have i to forward for accessing the VPN?

What have i to look at, that the connectino is working?

At Port 2 from the Firewall is incomming 192.168.33.2. Can we somehow change that at the iOS Configuration File automatically is shown our external IP-Adress?

Greetings,

Gian Duri Calonder

Edited TAGs
[edited by: emmosophos at 11:04 PM (GMT -7) on 13 Oct 2021]

Top Replies

emmosophos 8 days ago +1 suggested

Hello there,

Thank you for contacting the Sophos Community.

If your XG isn’t at the border of your network, you would need to pass down Port 500 and 4500 on UDP

Regards,

Parents

0 emmosophos 8 days ago

Hello there,

Thank you for contacting the Sophos Community.

If your XG isn’t at the border of your network, you would need to pass down Port 500 and 4500 on UDP

Regards,

Emmanuel (EmmoSophos)

Community Support Engineer | Sophos Technical Support
Sophos Support Videos | Product Documentation | @SophosSupport | Sign up for SMS Alerts
If a post solves your question use the 'Verify Answer' link.
Cancel
Up +1 Down

Reply

Verify Answer

Reject Answer

Cancel
0 gian duri calonder 7 days ago in reply to emmosophos

Hello

Thank You for your support.

i already opend port 500 and 4500 UDP.

Connection not possible.

we have a Fritz Box.

Greetings,

Gian Duri Calonder
Cancel
Up 0 Down

Reply

Verify Answer

Cancel
0 emmosophos 7 days ago in reply to gian duri calonder

Hello Gian,

Can you do a GUI Packet Capture on the XG for Port 500 and 4500 to see if the XG is seeing the packets arriving at it?

If you see the packets arriving, check what does the charon.log says when the connection is happening.

Regards,

Emmanuel (EmmoSophos)

Community Support Engineer | Sophos Technical Support
Sophos Support Videos | Product Documentation | @SophosSupport | Sign up for SMS Alerts
If a post solves your question use the 'Verify Answer' link.
Cancel
Up 0 Down

Reply

Verify Answer

Cancel
0 jprusch 7 days ago in reply to gian duri calonder
Hello,

first thing: you need to disable VPN on the Fritzbox itself, so that the server-daemon of the box does not interfere wih your port forwardings.

Then, you need to forward IPsec with ESP :

UDP 500

UDP 4500

ESP protocol with IP protocol number 50 (NOT UDP or TCP 50 !)
Mit freundlichem Gruß, Regards from Germany,

Philipp Rusch

New Vision GmbH, Germany
Sophos Silver-Partner

If a post solves your question please use the 'Verify Answer' button.
Cancel
Up 0 Down

Reply

Verify Answer

Reject Answer

Cancel

Reply

0 jprusch 7 days ago in reply to gian duri calonder
Hello,

first thing: you need to disable VPN on the Fritzbox itself, so that the server-daemon of the box does not interfere wih your port forwardings.

Then, you need to forward IPsec with ESP :

UDP 500

UDP 4500

ESP protocol with IP protocol number 50 (NOT UDP or TCP 50 !)
Mit freundlichem Gruß, Regards from Germany,

Philipp Rusch

New Vision GmbH, Germany
Sophos Silver-Partner

If a post solves your question please use the 'Verify Answer' button.
Cancel
Up 0 Down

Reply

Verify Answer

Reject Answer

Cancel

Children

No Data