IKEv2 VPN Configuration Profile - example workflow?

mark_mahabir
Valued Contributor

I wondered whether you had any example workflows for creating a Configuration Profile suitable for an IKEv2 VPN using machine-based authentication?

We have the option of using the Strongswan VPN standalone connection app but we would much rather use the facility built into OS X/macOS if at all possible.

We already have a Configuration Profile for our 802.1X University wireless network which includes an AD certificate request and also both our Root and Intermediate certificates, so it would be good to use the existing certificate stored in the System Keychain if at all possible, rather than request yet another certificate from AD-CS?

Any advice or pointers would be greatly appreciated!

6 REPLIES

innogamesjamf
New Contributor

Like the nice man said... any advice and points would be greatly appreciated, by me as well. On our side we are trying to install an IKEv2 profile but using username and passwords.

Surajit
New Contributor III

Hello Guys @mark.mahabir & @innogamesjamf did you manage to set it up using a configuration profile?
We are planning to implement Microsoft Always On VPN in our environment & want to set up IKEv2 using a configuration profile.
Any help or guidance would be greatly appreciated.

glopez
New Contributor II

I too am in the same situation having discovered that it is not listed as a connection option in the VPN config profile payload. @surajitbpn any luck?

Surajit
New Contributor III

@glopez We reached out to Apple and they suggested creating the VPN configuration profile using Apple Configurator. We were able to create it successfully, and when we install the profile it works as expected. (We are using AD Domain Credentials to authenticate.)
However, when we try to upload the same configuration profile to Jamf & deploy it, it switches to either shared secret or certificate-based authentication & that does not work in our environment.
Opened a support case with Jamf and waiting to hear back from them.

gachowski
Valued Contributor II

@surajitbapan

You have to sign the profile before you upload it to Jamf. It's an expected Jamf behavior... there are a few posts about that; this is the 1st one I found..

https://www.macblog.org/post/signing-configuration-profiles/
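
The signing step from the reply above, as an added example that is not part of the thread and not Apple's or Jamf's own tooling: it CMS-signs a profile with OpenSSL and then checks that the signature verifies and the IKEv2 settings come back unchanged. The function names, `vpn.example.com`, the identifiers and the self-signed demo certificate are constructed placeholders; the profile models the username/password (EAP) case described earlier in the thread.

```shell
# Added example: CMS-sign a .mobileconfig before uploading it to the MDM server.
set -eu
# Constructed sample: IKEv2 with username/password (EAP); all values are placeholders.
write_sample_profile() {  # $1 = output path
  cat > "$1" <<'EOF'
<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0"><dict>
  <key>PayloadType</key><string>Configuration</string>
  <key>PayloadVersion</key><integer>1</integer>
  <key>PayloadIdentifier</key><string>com.example.vpn</string>
  <key>PayloadUUID</key><string>00000000-0000-0000-0000-000000000001</string>
  <key>PayloadContent</key><array><dict>
    <key>PayloadType</key><string>com.apple.vpn.managed</string>
    <key>PayloadVersion</key><integer>1</integer>
    <key>PayloadIdentifier</key><string>com.example.vpn.ikev2</string>
    <key>PayloadUUID</key><string>00000000-0000-0000-0000-000000000002</string>
    <key>UserDefinedName</key><string>Example VPN</string>
    <key>VPNType</key><string>IKEv2</string>
    <key>IKEv2</key><dict>
      <key>RemoteAddress</key><string>vpn.example.com</string>
      <key>RemoteIdentifier</key><string>vpn.example.com</string>
      <key>AuthenticationMethod</key><string>None</string>
      <key>ExtendedAuthEnabled</key><integer>1</integer>
    </dict>
  </dict></array>
</dict></plist>
EOF
}
# Throwaway self-signed identity for the demo; use your organisation's signing cert.
make_demo_identity() {  # $1 = directory that receives key.pem and cert.pem
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=Demo Profile Signer" \
    -keyout "$1/key.pem" -out "$1/cert.pem" 2>/dev/null
}
sign_profile() {  # $1 = unsigned, $2 = signed, $3 = cert, $4 = key
  openssl smime -sign -binary -nodetach -outform der \
    -signer "$3" -inkey "$4" -in "$1" -out "$2"
}
# Checks the signature and prints the embedded plist. -noverify skips chain
# validation only because the demo certificate is self-signed.
verify_profile() {  # $1 = signed profile
  openssl smime -verify -noverify -inform der -in "$1" 2>/dev/null
}

work=$(mktemp -d)
write_sample_profile "$work/unsigned.mobileconfig"
make_demo_identity "$work"
sign_profile "$work/unsigned.mobileconfig" "$work/signed.mobileconfig" "$work/cert.pem" "$work/key.pem"
verify_profile "$work/signed.mobileconfig" >/dev/null && echo "signed: $work/signed.mobileconfig"
```

On a Mac with the signing identity in a keychain, `security cms -S -N "<identity name>" -i unsigned.mobileconfig -o signed.mobileconfig` produces the same kind of signed file.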

jweiss
New Contributor II

@surajitbpn could you provide any insight or resources you used to create the profile in Configurator? I am trying to figure out this solve right now. Our Windows team is swamped and doesn't have the time to figure out how to get this configuration working and I am a bit out of my element here but happy to learn through trial and error. Thanks in advance for any insight you can provide!