Difference between revisions of "VPN Instructions for Mac OS X"

Revision as of 11:15, 28 May 2015

All three VPN types (SSL VPN, IKEv2 VPN, and Clientless SSL VPN) are available on Mac OS X 10.9 (Mavericks) and 10.10 (Yosemite). The following instructions will help you create and use the VPN option of your choice. For more information on the VPN types, see VPN.

Using the SSL VPN Option on Mac OS X (preferred)

Setup the CAEDM SSL VPN on Mac OS X

1. Using your web browser, go to https://vpn.et.byu.edu
   • NOTE: If you get an orange login screen, then you have entered the wrong address and you will not be able to login. Try again with the exact address listed above.
2. In the blue Please login box, enter your username and password
3. Click Login
4. In the FortiClient Download box, click FortiClient Mac
   • NOTE: You can alternatively download the FortiClient for Mac from https://www.forticlient.com.
5. Run the client installer you just downloaded. The install process will:
   1. Unpack the installer
   2. Run a virus scan
   3. Present you will a license agreement, which you will have to accept to continue
   4. Prompt for Complete or VPN only install; choose the VPN Only button
   5. Prompt for an install location; accept the default
   6. Prompt to confirm your previous settings and continue the install
   7. Install the client
      • NOTE: The installer will create a new "fortissl" adapter in your list of network connections. Do not change or remove the fortissl adapter, or the SSL VPN will not work
   8. Prompt to finish the install; Click Finish
6. Open the FortiClient either from the Spotlight, or from the FortiClient icon in the menu bar.
7. Click Configure VPN
8. Click the SSL-VPN button at the top, if it is not already selected
9. In the Connection Name field, enter CAEDM SSL VPN
10. In Remote Gateway, type in vpn.et.byu.edu
11. Click Apply, and then click Close

To connect to the CAEDM SSL VPN

1. Open the FortiClient application, either from your menu bar if FortiClient was automatically started, or from the Spotlight
2. Select the CAEDM SSL VPN connection, if it is not already selected
3. Enter your Username and Password in the appropriate fields
4. Click Connect

To disconnect from the CAEDM SSL VPN

1. Click on the FortiClient icon on your task bar.
2. Click Disconnect.

Using the IKEv2 VPN Option on Mac OS X

Setup the CAEDM IKEv2 VPN on Mac OS X

Apple has yet to release official IKEv2 support for Mac OS X. While the strongSwan IKEv2 client works, you must change your Network Location each time you connect or disconnect with the VPN. Otherwise OS X will ignore settings provided by the VPN, and be unable to find other computers. For this reason, the SSL VPN client is easier to use when using a Mac. If the SSL VPN does not work for you, or if you would still like to use the IKEv2 VPN instead, the instructions are as follows:

NOTE: The following instructions are based on OS X 10.9 (Mavericks) and 10.10 (Yosemite). Other versions of OS X may vary.

1. Steps to prepare the strongSwan VPN connection
   1. Download the strongSwan client zip file from http://download.strongswan.org/osx/strongswan-5.3.0-1.app.zip
   2. Double click the strongswan-5.3.0-1.app.zip file you just downloaded. This will extract the archive in the current folder
   3. Drag the strongSwan application to your Applications folder
   4. Double click the strongSwan application
   5. Confirm that you want to open an application downloaded from the Internet by clicking Open
      • NOTE: You will now have a light-gray swan icon in your menu bar. This will be the only indication strongSwan is running.
   6. Click on the light-gray strongSwan icon in the menu bar, and click Add Connection...
   7. In the Connection name field, enter CAEDM IKEv2 VPN
   8. In the Authentication selector, choose IKEv2 EAP
   9. In the Server address field, enter vpn.et.byu.edu
   10. In the Username field, enter your CAEDM username
2. Steps to prepare the DNS workaround
3. Open up the System Preferences application
4. Select Network
5. Unlock the settings by clicking on the padlock icon on the left side
6. In the Authenticate dialog, enter your username and password, and click OK
7. In the Location field, select New Location Profile
8. Name the new location CAEDM IKEv2 VPN
9. In the Location field, select the newly created CAEDM IKEv2 VPN location
10. Choose the wired or wireless network connection you are currently using
11. Click the Advanced... button
12. Click the DNS tab
13. Change the DNS Servers for that connection to be 128.187.48.2 and 128.187.56.2
14. Click Apply
15. Change the Location field back to Automatic

To connect to the CAEDM IKEv2 VPN

1. Open the System Preferences application, and click Network
2. Switch the Location field to the CAEDM IKEv2 VPN location, forcing the Mac to use the DNS servers specified for that location
3. Start the strongSwan app from the Spotlight (if it isn't already running)
4. Click on the strongSwan icon in the menu bar
5. Select Connect, and click CAEDM IKEv2 VPN

You are now connected to the CAEDM IKEv2 VPN.

To disconnect from the CAEDM IKEv2 VPN

1. Click on the strongSwan icon in the menu bar
2. Click Disconnect
3. Open up the System Preferences application
4. Switch the Network Location back to the location you normally use

You are now disconnected from the CAEDM IKEv2 VPN