Setup VPN connection to SonicWALL from Mac OSX with IPSecuritas
Revised July 10 2016
I have used Dell’s SonicWALL firewalls at several employers. From TZ190’s to NSA 3600’s. I am no expert on SonicOS or SonicWALLs in general, but I have been either the I.T. person who made the decision to use them, or I have had administrative access to them so I could perform maintenance. I’m much more experienced at the Windows server and desktop level.
It’s relatively easy to connect a Windows machine/client, to a SonicWALL firewall using their free Global VPN Client. But it’s always been a headache to connect a Mac OSX computer, to a SonicWALL firewall. Well let me take that back. It’s relatively easy to use equinux’s VPN Tracker to connect to a SonicWALL. Somehow VPN Tracker “just works” with little configuration. But it also costs $60.00 to $70.00 per license/computer. If you work for a large organization, buying VPN Tracker for your Mac VPN Connectivity needs, should be a no-brainer. But for those of you who work for smaller companies who question a lot of expenses, and you have Mac computers, then Lobotomo’s free IPSecuritas VPN Client may be for you. If it works out for you, I do encourage you click their Donate button and give what you can.
It took me quite awhile to finally get IPSecuritas working with the latest SonicWALL firewall I’ve been connecting to, an NSA 3600. The firmware version on the SonicWALL I’m using is SonicOS Enhanced 126.96.36.199-19n. Your settings may differ if you are using a different SonicWALL or a different firmware version – but things should be similar, in the same classes of firewalls. And the IPSecuritas version I’m using is V4.6.1.
I read several guides, and tried countless combinations of settings. I credit the following guides, for getting me started:
- The basic IPSecuritas to SonicWALL V3 guide
- wimpog’s blog reply on SonicWALL NSA 2400 VPN
- a blog post by kleetus on SonicWALL enhanced firmware
- Sean LaBrie’s article on Configuring IPSecuritas for Use with a SonicWall TZ190 Enhanced
- And a somewhat unrelated blog post on Connecting a Mac to a SonicWALL via LT2P
All of the above are somewhat old articles, often referencing much older versions of SonicOS firmware or the IPSecuritas client itself.
Most of the above articles attempt to explain their settings by describing the settings/options to select. And the problem is, with older versions of the firmware or IPSecuritas client, some of the settings/options have changed and it’s a bit difficult to understand some of what is described.
I’m going to show you the setup primary via screenshots. With some descriptions only going into detail about options that may differ on your setups.
Keep in mind that what worked for me, may not work for you. Plus, you really need to have administrative access to your SonicWALL, or know the I.T. person who does, who can help you sort this out.
VPN > SETTINGS MENU
On this page, click the Edit link to the right of WAN GlobalVPN
VPN > SETTINGS > GENERAL
Change the “Shared Secret” from yourpresharedkey to a key that you choose.
VPN > SETTINGS > PROPOSALS TAB
VPN > SETTINGS > ADVANCED TAB
It’s important to note that if your SonicWALL is configured to make people login with a SonicWALL Username/Password, then your “Require authentication of VPN clients by XAUTH” must be checked, and the “Use Group for XAUTH users” is probably “Trusted Users”
This means that in the “Users” section of SonicWALL, each “Local Users” must be configured on the “Groups” tab, to be a member of “Trusted Users”. There may be other configurations necessary in the Local Users section.
VPN > SETTINGS > CLIENT TAB
One important change I made here, was to change “Virtual Adapter settings” from simply “DHCP Lease” to “DHCP Lease or Manual Configuration”
I also enabled “Use Default Key for Simple Client Provisioning”
VPN > ADVANCED
I’m not sure if there were any changes on this page.
VPN > DHCP over VPN
Click “Central Gateway” and then click “Configure”.