The iPhone supports IKEv2, IPsec, and L2TP Client VPN.

Sophos UTM supports SSL, PPTP, L2TP over IPsec, IPsec, and more VPN protocols. For this guide, we are going to use iPhone’s L2TP VPN Client to remotely connect to our Sophos UTM.

To start, log in to your Sophos UTM and select the “Remote Access” section

  • Click L2TP over IPsec for compatibility with iOS

 

chrome_2016-12-08_09-48-23

Enable the protocol by toggling the switch to “enabled”

chrome_2016-12-08_09-48-39

chrome_2016-12-08_09-48-51

Choose Authentication Mode: Preshared key

chrome_2016-12-08_09-49-08

  • Create a secure key and repeat it 2x below

chrome_2016-12-08_09-55-16

Assign IP address by “IP address pool”

chrome_2016-12-08_09-49-27

Pool Network: Choose your LAN subnet or internal network. You may also choose a VPN pool, but I decided to stay on the same subnet while I remote in.

chrome_2016-12-08_09-49-35

Authentication via “Local” (accounts stored on the Sophos UTM)

chrome_2016-12-08_09-49-43

In users and groups, you should create accounts for those who will be using the VPN and then add them here. You can also enable the user portal so they can download their connection profile directly to their iOS.

Shown above, admin is the account for the Sophos UTM which I will also authenticate to the VPN with.
It is best practice not to use this account, and to create other accounts for VPN remote access.

chrome_2016-12-08_09-49-47chrome_2016-12-08_09-50-04

Save your changes, open the Live Log, and move on over to your iPhone for configuration.

NOTE: If you have the User Portal enabled, you can log in and download the connection settings for your VPN profile and skip all the steps below. I feel that it also integrates with iOS very well.


Refer to the images below:

Open Settings

  • Choose General
  • Scroll down and select “VPN”
  • Add a new configuration
  • Change Type to L2TP
  • Input the required info:
    • Description: Sophos
    • Server: Your UTM IP address or public domain name.
    • Account: The local account (on the sophos) you wish to use to log in to VPN
    • Password: The password for authenticating with the above account on Sophos UTM
    • Secret: The Preshared Key we entered 2x on the Sophos.
    • Send all traffic: Toggle or turn off.
      • Depends if you want remote access only or to browse securely and privately.

Troubleshooting: Remember to check your Live Log! It will tell you verbosely when there is an obvious problem such as the pre-shared secret mismatch. Below is a successful negotiation. chrome_2016-12-08_10-02-00

 


Leave a Reply

Related Posts

Amazon AWS

netdata: A remarkable server monitoring utility.

I wanted to write a short introduction to a tool that I’ve been using a lot on my newest servers and development projects. This tool seriously provides the most amazing way of monitoring and comprehending Read more…

Linux Server

How to install NGINX, get a free SSL certificate, and configure a reverse proxy (part two)

This is part two, the final part of configuring NGINX with SSL as a reverse proxy. Now that you have successfully installed NGINX and obtained a free SSL cert, you can proceed.   There is Read more…

Cisco Meraki

How to provide Guest WiFi network access securely with Cisco Meraki Appliances

If you have an office, facility, or residence with a lot of guest traffic and are needing to provide the guests with their own network using your existing Meraki equipment, this is the best way Read more…

%d bloggers like this: