You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: docs/ikev2-howto.md
+13-3Lines changed: 13 additions & 3 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -88,7 +88,7 @@ First, securely transfer the generated `.mobileconfig` file to your Mac, then do
88
88
89
89
<details>
90
90
<summary>
91
-
If you manually set up IKEv2 without using the helper script, click here to see instructions.
91
+
If you manually set up IKEv2 without using the helper script, click here for instructions.
92
92
</summary>
93
93
94
94
First, securely transfer the generated `.p12` file to your Mac, then double-click to import into the **login** keychain in **Keychain Access**. Next, double-click on the imported `IKEv2 VPN CA` certificate, expand **Trust** and select **Always Trust** from the **IP Security (IPsec)** drop-down menu. Close the dialog using the red "X" on the top-left corner. When prompted, use Touch ID or enter your password and click "Update Settings".
@@ -134,7 +134,7 @@ When finished, check to make sure "IKEv2 VPN configuration" is listed under Sett
134
134
135
135
<details>
136
136
<summary>
137
-
If you manually set up IKEv2 without using the helper script, click here to see instructions.
137
+
If you manually set up IKEv2 without using the helper script, click here for instructions.
138
138
</summary>
139
139
140
140
First, securely transfer the generated `ikev2vpnca.cer` and `.p12` files to your iOS device, then import them one by one as iOS profiles. To transfer the files, you may use:
@@ -499,14 +499,23 @@ Before continuing, you **must** restart the IPsec service. The IKEv2 setup on th
499
499
500
500
## Remove IKEv2
501
501
502
-
If you want to remove IKEv2 from the VPN server, but keep the [IPsec/L2TP](clients.md) and [IPsec/XAuth ("Cisco IPsec")](clients-xauth.md) modes, follow these steps. Commands must be run as `root`. Note that this will delete all IKEv2 configuration and **cannot be undone**!
502
+
If you want to remove IKEv2 from the VPN server, but keep the [IPsec/L2TP](clients.md) and [IPsec/XAuth ("Cisco IPsec")](clients-xauth.md) modes, run the [helper script](#using-helper-scripts) again and select the "Remove IKEv2" option. Note that this will delete all IKEv2 configuration including certificates, and **cannot be undone**!
503
+
504
+
<details>
505
+
<summary>
506
+
Alternatively, you can manually remove IKEv2. Click here for instructions.
507
+
</summary>
508
+
509
+
To manually remove IKEv2 from the VPN server, but keep the [IPsec/L2TP](clients.md) and [IPsec/XAuth ("Cisco IPsec")](clients-xauth.md) modes, follow these steps. Commands must be run as `root`. Note that this will delete all IKEv2 configuration including certificates, and **cannot be undone**!
**Note:** If you used an older version (before 2020-05-31) of the IKEv2 helper script or instructions, file `/etc/ipsec.d/ikev2.conf` may not exist. In this case, please instead remove the `conn ikev2-cp` section from file `/etc/ipsec.conf`.
518
+
510
519
1. **(Important) Restart the IPsec service**:
511
520
512
521
```bash
@@ -535,6 +544,7 @@ If you want to remove IKEv2 from the VPN server, but keep the [IPsec/L2TP](clien
0 commit comments