L2TP VPN configuration on Mac OS X
03/26/2020
SonicWall appliances can allow remote users to connect to the network behind the SonicWall using the L2TP client built into Mac OS X, with the L2TP session carried inside an IPsec tunnel. This article covers configuring L2TP VPN on Mac OS X clients so they can connect to SonicWall UTM appliances.
- Configure WAN GroupVPN on the SonicWall appliance.
- Configure the L2TP Server.
- Configure user accounts.
- Configure the L2TP client on Mac OS X.
Configure WAN GroupVPN on the SonicWall appliance
- Log in to the SonicWall management interface, click MANAGE, and navigate to VPN | Base Settings.
- Make sure that the Enable VPN and WAN GroupVPN checkboxes are enabled.
- Click the configure icon for the WAN GroupVPN entry. The VPN Policy window is displayed.
- In the General tab, IKE using Preshared Secret is the default setting for Authentication Method. Enter a shared secret in the Shared Secret field.
- Click the Proposals tab and use the default settings or choose the desired Encryption and Authentication options.
- Click the Advanced tab.
Enable Windows Networking (NetBIOS) Broadcast: allows access to remote network resources by browsing the Windows Network Neighborhood. If your SonicWall appliance is running SonicOS 220.127.116.11 or above, enable the Accept Multiple Proposals for Clients checkbox, which allows multiple VPN or L2TP clients using different security policies to connect.
Require Authentication of VPN Clients via XAUTH: ensures that all users connecting to the corporate network are authenticated; unauthenticated traffic is not allowed to connect. The Trusted Users group is selected by default.
Management via this SA: optionally, if you want remote users to manage the SonicWall security appliance, select the management method, either HTTP or HTTPS.
- Click the Client tab and select the following settings.
Cache XAUTH User Name and Password on Client: Single session
Virtual Adapter Settings: DHCP Lease
Allow Connections to: Split Tunnels
Set Default Route as this Gateway: Disable
Use Default Key for Simple Client Provisioning: Disable
- Click OK.
Configure the L2TP Server
- Navigate to VPN | L2TP Server. Enable the L2TP Server and click Configure.
- L2TP Server Settings
Keep alive time (secs): 60
DNS Server 1: (use an internal DNS server or your ISP's DNS)
DNS Server 2: 18.104.22.168 (or use your ISP's DNS)
DNS Server 3: 22.214.171.124 (or use your ISP's DNS)
WINS Server 1: 0.0.0.0 (or use your WINS server IP)
WINS Server 2: 0.0.0.0 (or use your WINS server IP)
- IP Address Settings
IP address provided by RADIUS/LDAP Server: Disabled
Use the Local L2TP IP Pool: Enabled
Start IP: 10.20.0.1 (example)
End IP: 10.20.0.20 (example)
- L2TP Users
User Group for L2TP Users: Trusted Users
- Select the authentication protocols in preferred order.
NOTE: These must match the protocols configured on the client.
- Click OK.
Configure User Accounts
- Select Users | Local Users and Groups.
- Click Add.
- Under the Settings tab, enter the desired name and password.
- Go to the Groups tab; the user should be a member of Trusted Users.
- Navigate to the VPN Access tab and select the subnets that the user needs to access.
- Click OK.
Configure the client on Mac OS X
- Click the System Preferences icon in the Dock.
- In the System Preferences window, under Internet & Network, click the Network icon.
- In the Network window, click the plus (+) button to create the L2TP VPN connection.
- For Interface, select VPN; for VPN Type, select L2TP over IPSec; and for Service Name, type a name of your choice. When done, click the Create button.
- On the Network screen, for Server Address, enter the public IP address of the SonicWall, and for Account Name, enter the user name you created on the SonicWall. When done, click the Authentication Settings button.
- For User Authentication, select Password and enter the account password that was created on the SonicWall. For Machine Authentication, select Shared Secret and enter the shared secret from the WAN GroupVPN policy. When done, click the OK button, then click the Advanced button.
- Click the Apply button, then click the Connect button to connect to the VPN.
- Once you are connected, you will see Status: Connected. To disconnect from the VPN, simply click the Disconnect button.
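The same client settings can be delivered as a macOS configuration profile instead of being clicked through for every user. The following is an added example, not part of the SonicWall article, that builds an L2TP over IPsec profile with shared-secret machine authentication and split tunnelling; it assumes the payload keys of Apple's com.apple.vpn.managed profile format, and the server address, account name, secret and identifiers are constructed placeholders.

```python
"""Build a macOS .mobileconfig for an L2TP over IPsec VPN client.

Added example (not from the original article).  Assumes Apple's
com.apple.vpn.managed payload keys; all values below are constructed.
"""
import plistlib
import uuid


def l2tp_profile(server: str, account: str, shared_secret: str,
                 name: str = "Office VPN", send_all_traffic: bool = False) -> bytes:
    """Return the profile as XML plist bytes.

    The user password is deliberately left out so macOS prompts for it at
    connect time instead of storing it in a file that may be copied around.
    """
    vpn_payload = {
        "PayloadType": "com.apple.vpn.managed",
        "PayloadVersion": 1,
        "PayloadIdentifier": "com.example.vpn.l2tp",   # placeholder identifier
        "PayloadUUID": str(uuid.uuid4()).upper(),
        "PayloadDisplayName": name,
        "UserDefinedName": name,           # "Service Name" in Network preferences
        "VPNType": "L2TP",                 # "L2TP over IPSec" in the GUI
        "PPP": {
            "CommRemoteAddress": server,   # "Server Address": SonicWall public IP
            "AuthName": account,           # "Account Name": the SonicWall local user
        },
        "IPSec": {
            "AuthenticationMethod": "SharedSecret",   # Machine Authentication
            "SharedSecret": shared_secret.encode(),   # written as a <data> element
        },
        # False matches "Set Default Route as this Gateway: Disable" (split tunnel)
        "OverridePrimary": send_all_traffic,
    }
    profile = {
        "PayloadType": "Configuration",
        "PayloadVersion": 1,
        "PayloadIdentifier": "com.example.profile.l2tp",  # placeholder identifier
        "PayloadUUID": str(uuid.uuid4()).upper(),
        "PayloadDisplayName": name,
        "PayloadContent": [vpn_payload],
    }
    return plistlib.dumps(profile)


def vpn_settings(profile_bytes: bytes) -> dict:
    """Parse a profile back and return its first VPN payload for verification."""
    return plistlib.loads(profile_bytes)["PayloadContent"][0]


if __name__ == "__main__":
    data = l2tp_profile("203.0.113.10", "vpnuser", "ExampleSharedSecret")  # constructed
    with open("l2tp_vpn.mobileconfig", "wb") as fh:
        fh.write(data)
```

Install the resulting file through System Preferences | Profiles (or an MDM) and the VPN service appears under Network with the settings from the steps above.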