How to configure and use VPN – IKEv2 connection – MacOS –

Apple said, “iOS 10 and macOS Sierra will take away the PPTP connection”.
Thus, please use IKEv2 connection instead of PPTP connection if you want to use PPTP connection for iOS 10 and MacOS Sierra.
The manual was checked on mMacOS 10.11.6.

How to use  IKEv2 with Client Certification

This is a method where a client certificate is issued for each terminal and authenticated here.

For details, please refer to the following.

 

How to use IKEv2 (Old method: Not recommend)

If you completed the following configuration of IKEv2 connection, you can use IKEv2 by the following operation.

  1. Connect to the Internet.
  2. Select “KUINS-IKEv2” in “VPN” icon on the upper menu.
    e11-i
  3. If the status is “Connected”, the IKEv2 connection is successful!

 

Configuration of IKEv2 Connection (User Authentication)

  1. Open “System Preferences”.
    e1
  2. Select “Network”.
    e2
  3. Click on “+” button on the left side menu and start the network creation.
    e3-i
  4.  Configure the following settings and click on “Create” button.下記のように設定して、「作成」ボタンを押してください。
    Interface : VPN
    VPN Type : IKEv2
    Service Name : KUINS-IKEv2
    e4
  5. Configure the following settings.
    Server Address : ikev2.kuins.kyoto-u.ac.jp
    Remote  ID : ikev2.kuins.kyoto-u.ac.jp
    Local ID : SPS-ID or ECS-ID
    e5-i
  6. Then, Click on “Autoentication Settings” button and configure the following settings and click on “OK” button.
    Authentication Settings: Username
    Username : SPS-ID or ECS-ID
    Password  : SPS-ID or ECS-ID Password
    e6-i
  7. Then, Click on “Advanced.. “button and configure the following proxy setting and click on “OK” button.
    Turn on “Automatic Proxy Configuration”
    URL : http://wpad.kuins.net/proxy.pac
    e8
  8. Click on “Apply” button and save above setting.

13th September, 2016  Chief of Information Processing Office: Kitani.

Appendix

A. How to remove Password for IKEv2 connection.

If you don’t want to save the password for IKEv2 connection because for the security reason, please see the following document.
(Ex. if the PC is stolen, an attacker may attempt to access or attack to Kyoto University network using your IKEv2 connection. )

  1. Open “Keychain Access” in Utilities folder in Application folder.
  2. Click “Passwords” in the left side menu and search as “KUINS-IKEv2” keyword.
    e10
  3. And remove “KUINS-IKEv2” (Delete button).

B. Configuration of IKEv2 Connection (Client Certification)

If you want to use more secure connection, you can use “Client Certification” system.

  1. Publish Client Certification file.
  2. Open System Preferences > Network  >  KUINS-IKEv2 and click on “Authentication Settings” button.
    e5-i
  3. Select “Certificate” in Authentication Settings and select “Client Certification” file.
    e7