
QVPN Alternate for Macs


How to create an IPSec tunnel for Mac clients

A QVPN alternative

This guide walks you through setting up a Mac computer to connect to an RV series router via VPN.

1. Download the VPN client software from here.
2. Install the software on the Mac by copying all the files contained within the dmg to a newly created folder in “Applications”. User should name the folder “IP Securitas”.

NOTE: If you have a (W)RV(S) router or a router that is NOT an RV0XX, click here for instructions. You may need to improvise on the settings, as some firmware may not look the same as shown or may have different wording.

3. Configure the router as follows:
   a. Navigate to “VPN”
   b. Select “Client to Gateway”
   c. Start by selecting “Group VPN” radio button
   d. Give it a name
   e. Choose the WAN interface if multiple WANs
   f. For Remote Client Setup select “Microsoft XP/200 VPN Client”
   g. Configure the IPSec as needed
   h. Save settings
   i. Now we need to configure IPSecuritas

Prepared by: Alejandro Gallego September 16, 2009

4. Launch the application by browsing to Applications and launching “IPsecuritas.app”. You may also see an icon located in the menu bar at the top of the screen; click on it and then select “Open IP Securitas”.


5. You should now have this window

6. On the menu bar at the top of the screen click “Connections >> Edit Connections” or press “Command + E”.

7. You should now have the “Connections” window opened

8. Click on the “Plus” sign at the bottom left hand side and give your connection a name. Optionally you may click on the “Wizard” button to the right of the “Plus” and just answer the questions. You will choose firewall and select “Linksys” and then choose the router; such as WRVS4400N.

9. Under the General tab type the IP address of the remote router hosting the VPN connection. Leave “Endpoint Mode” as default selection of “Host”. In the “Remote Site” section choose “Network(s)” and type in the appropriate network ID(s).


10. Now we need to configure the Keying methods. Select “Phase 1” and enter the appropriate values exactly as configured on the RV router

11. Leave the “Exchange Mode” on “Main” unless connecting via FQDN. If connecting via FQDN select “Aggressive”. Leave the other settings as default unless you know exactly what they are for.

12. Now select “Phase 2” and enter the appropriate information. In this window you will want to deselect all the unused Encryption and Authentication methods. Only select what you are using.


13. Lastly select “ID”; the “Local and Remote Identifiers” should be set as required, such as “Address” (IP address), FQDN, etc.

14. If required go to the “DNS” tab and enter the information needed.
15. Close this window and return to the small main window and click “Start”.
16. BAM! You are connected and you are now happy go lucky because this is way better than QVPN!

Enjoy!


Connecting to a router that does not have the “Client to Gateway” feature

Now let’s see if we can connect to a (W)RV(S) series router. I will use a WRVS4400N v2 router and I will show you how to configure the router and client.

Step 1. Log into the router (WRVS4400N) and go to “VPN > IPSec VPN”. Click on the “Enable” radio button and then give your tunnel a name.


Step 2. Unless you have good reason, leave the “Local Security Group Type” set to Subnet and make sure that the information is correct.


Step 3. Under “Remote Security Gateway Type” change that to “Any”; then change the “Remote Security Group Type” to “IP Addr.” This is the real cool part; since both sides of the tunnel must have different LAN network IDs we can use this to our advantage (you will see later why this is so cool). Type in an address like “172.16.10.10”; this address does not and should not be valid to your current network.

Step 4. Now we are going to set the Phase 1 and 2 authentication. In the screenshot you will see the settings that I chose for my tunnel. The important part is that all of these settings MUST match on both sides of the tunnel, otherwise it will not connect.

Save settings.

Step 5. Install IPSecuritas as outlined here.


Step 6. With the software installed you should now have an icon on the menu bar. Click on it and then click “Open IPSecuritas” at the bottom of the menu. With IPSecuritas opened and in focus press “Command + E” to open the connections menu.

NOTE: Your connections window would be blank since we have not configured any tunnels.

Step 7. Click on the “plus” sign to add your tunnel and give it a name. Now enter the remote WAN IP address of the router we just configured.

Step 8. Remember the real cool part; well here it is. Since we will be using this as a QVPN replacement we need to be able to access our VPN tunnel from anywhere. And since we need to specify a LAN IP for a location in which we have never been to, we tell the tunnel that this is our IP address regardless of what the LAN network we are connected to says. Even if you don't understand what I just said, just believe me that this is really cool.

Step 9. Continue to configure Phase 1 and 2 by matching all the settings to the router. If you see a setting that you do not have on the router just leave it alone; DO NOT change it.

Step 10. Click on the ID tab and enter the pre-shared key and leave the Identifiers ALONE. In other words keep the default settings.

Step 11. (Optional) If you have a DNS server on the remote network you may specify it under the DNS tab along with your domain name.

All configuration is complete and everything is automatically saved. Go ahead and quit IPSecuritas and then click on your icon in the menu bar. You will now see your configured tunnel. Click start IPSec and if all is good you will connect within 10 sec.

Test your connection by pinging across the tunnel or just see if you can connect to a network share via Finder.

Enjoy!
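A pre-flight check for the requirement that Phase 1 and Phase 2 settings match on both sides, and for the tunnel address chosen in Steps 3 and 8, as an added example that is not part of the original guide. The dictionary field names and all sample values are assumptions constructed for illustration; the values are meant to be typed in by hand from the router page and the IPSecuritas tabs.

```python
import ipaddress

def check_tunnel(router, client, current_lan):
    """Return a list of findings; an empty list means the two sides agree."""
    findings = []
    # Phase 1: every value must be identical on router and client.
    for key, want in router["phase1"].items():
        got = client["phase1"].get(key)
        if got != want:
            findings.append(f"phase1 {key}: router={want!r} client={got!r}")
    # Phase 2: the client may offer several algorithms; the router's choice
    # must be among them, and anything unused should be deselected.
    for key, want in router["phase2"].items():
        offered = set(client["phase2"].get(key, []))
        if want not in offered:
            findings.append(f"phase2 {key}: router={want!r} not offered by client")
        elif offered != {want}:
            findings.append(f"phase2 {key}: deselect unused {sorted(offered - {want})}")
    # The client's tunnel address must be the one entered on the router and
    # must not fall inside the router LAN or the LAN the Mac is sitting on.
    vip = ipaddress.ip_address(client["local_ip"])
    if vip != ipaddress.ip_address(router["remote_group_ip"]):
        findings.append(f"local_ip {vip} != router remote group IP")
    for name, net in (("router LAN", router["local_subnet"]), ("current LAN", current_lan)):
        if vip in ipaddress.ip_network(net):
            findings.append(f"local_ip {vip} overlaps {name} {net}")
    # Aggressive mode sends the pre-shared-key hash unprotected.
    if client["phase1"].get("exchange_mode") == "Aggressive":
        findings.append("aggressive mode with a pre-shared key allows offline guessing of the key")
    return findings

# Constructed sample values (not the settings from the original screenshots).
ROUTER = {
    "phase1": {"exchange_mode": "Main", "encryption": "3DES", "hash": "SHA1",
               "dh_group": 2, "lifetime": 28800},
    "phase2": {"encryption": "3DES", "auth": "SHA1"},
    "local_subnet": "192.168.1.0/24",
    "remote_group_ip": "172.16.10.10",
}
CLIENT = {
    "phase1": {"exchange_mode": "Main", "encryption": "3DES", "hash": "MD5",
               "dh_group": 2, "lifetime": 28800},
    "phase2": {"encryption": ["3DES", "AES 128"], "auth": ["SHA1"]},
    "local_ip": "172.16.10.10",
}

if __name__ == "__main__":
    for line in check_tunnel(ROUTER, CLIENT, current_lan="10.0.0.0/24"):
        print(line)
```

Re-run it with `current_lan` set to whatever network the Mac has joined; a finding about overlap means a different tunnel address is needed on both the router and the client.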
