Skip to content
/ AlwaysAtHome Public

VPN solution based on IPSec IKEv2 for Apple devices

13 stars 0 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

RavenSystem/AlwaysAtHome

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

52 Commits
.github
.github
 
 
AlwaysAtHome.mobileconfig
AlwaysAtHome.mobileconfig
 
 
README.md
README.md
 
 
ipsec.postconf
ipsec.postconf
 
 

Repository files navigation

AAH - Always At Home

Donate

Twitter

Chat

VPN solution based on IPSec IKEv2 for Apple devices.

Main goal of this solution is to use native Apple VPN IPSec IKEv2 support with AES128 and SHA256, and on-demand feature to connect to VPN server automatically.

An IPSec compatible router with AsusWRT-Merlin firmware installed is needed. Check AsusWRT-Merlin supported devices

Tested AsusWRT-Merlin routers:

  • GT-AX6000
  • RT-AX88U
  • RT-AX86U
  • RT-AX58U
  • RT-AC5300
  • RT-AC86U
  • RT-AC68U does NOT support IPSec.

Installation on Asus-Merlin routers

You need a router running a recent version of AsusWRT-Merlin-NG Firmware with Administration -> System -> Enable JFFS custom scripts and configs sets to Yes.

1. DDNS

Setup a DDNS service to access to your public IP address from Internet using a hostname.

In router web, go to WAN -> DDNS and configure as needed.

If Asus router is not connected directly to Internet, you must select External for Method to retrieve WAN IP and configure NAT UDP-4500 port to it, or DMZ.

2. IPSec Setup

Enter to router using SSH access, and exec following command:

curl -o /jffs/scripts/ipsec.postconf https://raw.githubusercontent.com/RavenSystem/AlwaysAtHome/main/ipsec.postconf && chmod a+x /jffs/scripts/ipsec.postconf

3. Configure VPN users

In router web, go to VPN -> VPN Server -> IPSec VPN:

  • Set Enable IPSec VPN Server to ON.
  • Fill Pre-shared Key with any very strong pass-phrase. However, this field will not be used to connect to VPN Server. Use only alphanumeric characters to avoid compatibility issues with different code character sets.
  • At bottom, create all users with their passwords (use very strong passwords), using + button, and selecting V1&V2 for Supported IKE version. Use only alphanumeric characters to avoid compatibility issues with different code character sets.
  • When finish, click on Apply.

It is not possible to connect more than one device using same user at same time.

iOS/iPadOS/macOS Installation

In order to work with this VPN Server, a mobile profile is needed.

Download AlwaysAtHome.mobileconfig template

You must edit template with a text editor, replacing these fields:

  • AAH_USERNAME: VPN Username
  • AAH_PASSWORD: VPN Password
  • AAH_HOSTNAME: DDNS Hostname (Warning, it appears twice).
  • AAH_MYWIFI_1, AAH_MYWIFI_2: SSID of WiFi networks where VPN is disabled. It is mandatory to add WiFi where this VPN Server is running.

It is possible to add more WiFi networks, addind more lines

<string>AAH_MYWIFI</string>

When finish, copy file to iPhone/iPad/macOS using AirDrop or similar, and install it from Settings.

Update a current installation

Do step 2. IPSec Setup and then go to VPN -> VPN Server -> IPSec VPN in router web and click on Apply.

Uninstall

Enter to router using SSH access, and exec following command:

rm -f /jffs/scripts/ipsec.postconf

Then, go to VPN -> VPN Server -> IPSec VPN in router web and click on Apply.

About

VPN solution based on IPSec IKEv2 for Apple devices

Resources

Readme
Activity

Stars

13 stars

Watchers

3 watching

Forks

0 forks
Report repository

Sponsor this project

Languages