Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Mobile IPSec VPN On Demand from iOS/macOS?

    IPsec
    2
    2
    237
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • T
      TheWaterbug
      last edited by

      This may be more of an iOS question than a pfsense/IPSec question, but is there a known way to have an iOS/macOS device automatically connect to my pfsense 2.60CE IPSec endpoint, but only when attempting to connect to specific IP addresses inside that LAN?

      For example I currently have my security camera system port forwarded in from ACMERocketCars.dyndns.org:80 to 192.168.50.3:80. That's on a separate subnet, firewall off from all my critical infrastructure, but it still seems a bit scary to have a machine widely exposed on the internet.

      I already have a mobile IPSec tunnel set up that works from both my macOS devices and my iOS devices, but I have to "dial" it manually every time, which is inconvenient any time I want to just quickly check a camera.

      Is there a recipe for creating a configuration file that I can load on my macOS and iOS that auto-dials my VPN connection if I attempt to access 192.168.50.3:80, and then drops the connection if there's no traffic in X minutes?

      D 1 Reply Last reply Reply Quote 0
      • D
        Deadringers @TheWaterbug
        last edited by

        @TheWaterbug said in Mobile IPSec VPN On Demand from iOS/macOS?:

        This may be more of an iOS question than a pfsense/IPSec question, but is there a known way to have an iOS/macOS device automatically connect to my pfsense 2.60CE IPSec endpoint, but only when attempting to connect to specific IP addresses inside that LAN?

        For example I currently have my security camera system port forwarded in from ACMERocketCars.dyndns.org:80 to 192.168.50.3:80. That's on a separate subnet, firewall off from all my critical infrastructure, but it still seems a bit scary to have a machine widely exposed on the internet.

        I already have a mobile IPSec tunnel set up that works from both my macOS devices and my iOS devices, but I have to "dial" it manually every time, which is inconvenient any time I want to just quickly check a camera.

        Is there a recipe for creating a configuration file that I can load on my macOS and iOS that auto-dials my VPN connection if I attempt to access 192.168.50.3:80, and then drops the connection if there's no traffic in X minutes?

        Yes take a read of this: https://github.com/nerd-one/VPN-OnDemand/blob/master/VPN%20OnDemand.mobileconfig

        And my post here which shows where the code goes:

        https://forum.netgate.com/topic/181588/ios-on-demand-vpn

        1 Reply Last reply Reply Quote 1
        • First post
          Last post