You can set up an L2TP IPsec connection from macOS to an NG Firewall appliance for remote VPN access.
Note: IKEv2 VPN is the preferred connection method for macOS-based devices. See Configuring An IKEv2 IPsec Connection From MacOS To NG Firewall for instructions.
Before configuring your macOS-based device with an L2TP IPsec connection, you must configure the IPsec server in NG Firewall to accept L2TP connections. The main steps are:
- Enable the L2TP/Xauth/IKEv2 Server in the IPsec app and assign an IPsec Secret. See IPsec wiki.
- Create users for authenticating to the VPN server. See Local Directory wiki or Directory Connector wiki if you plan to authenticate from a Directory Service.
- Confirm L2TP is open through the firewall. There is a default access rule named Allow L2TP in Config > Advanced > Access Rules that must be enabled.
To create an L2TP IPsec connection in macOS:
- Go to System Preferences > Network.
- Click the plus symbol to add a new network interface.
- Select VPN as the Interface, and L2TP over IPSec as the VPN Type.
- Assign a name to your connection and click Create.
- On the next screen, set the IP address or hostname of your NG Firewall server and the user account.
- Click Authentication Settings to configure the user account credentials.
- Set the user account password and set the Shared Secret as the IPsec Secret you configured in the prerequisite step.
- Click OK to confirm the configuration.
- Click Connect to make the connection. Once the connection succeeds, you can see the status with send and receive totals.
Full Tunnel VPN Configuration
By default, L2TP connections use split tunnel, so only part of the device's traffic is sent over the VPN. To use full tunnel and send all Internet traffic over the tunnel, click the Advanced button and enable Send all traffic over VPN connection.
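To confirm from Terminal which mode a connected Mac is actually in, the added example below (not part of the vendor documentation) classifies the output of `scutil --nc status` and `route -n get default`. It assumes macOS carries the L2TP session on a `ppp*` interface; the sample outputs are constructed, and the connection name passed as the first argument is whatever you assigned when creating the connection.

```bash
#!/bin/bash
# Added example: report whether the L2TP connection is split or full tunnel.
# Assumption: macOS carries the L2TP session on a ppp* interface (e.g. ppp0).

# The first line of `scutil --nc status <name>` is the session state.
vpn_state() {
  printf '%s\n' "$1" | head -n 1 | tr -d '[:space:]'
}

# Pull the "interface:" field out of `route -n get default` output.
default_iface() {
  printf '%s\n' "$1" | awk '$1 == "interface:" { print $2; exit }'
}

# Args: <scutil status text> <route text>
# Prints: not-connected | split-tunnel | full-tunnel | unknown
classify_tunnel() {
  state=$(vpn_state "$1")
  iface=$(default_iface "$2")
  if [ "$state" != "Connected" ]; then
    echo "not-connected"          # Disconnected, Connecting, ...
  elif [ -z "$iface" ]; then
    echo "unknown"                # no default route found in the input
  else
    case "$iface" in
      ppp*) echo "full-tunnel" ;;  # default route leaves via the VPN
      *)    echo "split-tunnel" ;; # Internet traffic bypasses the VPN
    esac
  fi
}

# Constructed sample outputs (trimmed), used when not running on a Mac.
SAMPLE_STATUS_UP='Connected
(extended status omitted)'
SAMPLE_ROUTE_SPLIT='   route to: default
    gateway: 192.168.1.1
  interface: en0'
SAMPLE_ROUTE_FULL='   route to: default
    gateway: 10.0.0.1
  interface: ppp0'

# Live check on macOS: pass the connection name as the first argument.
if [ -n "${1:-}" ] && command -v scutil >/dev/null 2>&1; then
  classify_tunnel "$(scutil --nc status "$1")" "$(route -n get default)"
fi
```

A `split-tunnel` result after enabling Send all traffic over VPN connection means the default route still leaves through the local interface, so Internet traffic is not passing through NG Firewall.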