{"id":1830,"date":"2018-05-11T00:24:28","date_gmt":"2018-05-10T18:54:28","guid":{"rendered":"https:\/\/judepereira.com\/blog\/?p=1830"},"modified":"2018-05-11T00:33:21","modified_gmt":"2018-05-10T19:03:21","slug":"ios-mac-ipsec","status":"publish","type":"post","link":"https:\/\/judepereira.com\/blog\/ios-mac-ipsec\/","title":{"rendered":"How to tunnel all traffic from your iOS device to your own server via IPSec"},"content":{"rendered":"

TL;DR:<\/strong> A DigitalOcean droplet, strongSwan, and a custom Configuration Profile for iOS routes all the traffic from my iPhone via my droplet. Why? Just because I can.<\/p>\n

Note:<\/strong> This setup does not<\/strong> require you to download Apple Configurator and switch your iPhone into Supervised mode (we will create a configuration profile by hand instead, and install it on the iPhone).<\/p>\n

Configure strongSwan by following all the instructions here<\/a><\/h2>\n
    \n
  1. Ignore the part about configuring the firewall, we’ll do this later<\/li>\n
  2. Ensure strongswan starts on boot via chkconfig\n
    chkconfig --add strongswan\r\nchkconfig strongswan on\r\n# Verify\r\nchkconfig --list strongswan<\/code><\/pre>\n<\/li>\n
  3. You don’t need to install any certificates on your iPhone\/iPad\/Mac as we’re using a pre-shared key (PSK) instead of a certificate based client authentication mechanism<\/li>\n<\/ol>\n
    Allow traffic to be forwarded from your server by adding the two iptables<\/em> rules here<\/a><\/h2>\n
    Be sure to modify the network in the two iptables<\/em> commands (it should match the one specified in your strongSwan config)<\/p>\n
    Save the two rules which you’ve just added<\/h2>\n
    service iptables save<\/code><\/pre>\n
    Open up UDP ports 500 and 4500 for your instance if required (AWS\/DigitalOcean\/etc)<\/h2>\n
    \"\"<\/a><\/p>\n
    Adapt the following Configuration Profile for your iOS device<\/h2>\n