Suggestions - IPSec between Mac OS X and Windows Server (2008 R2)

aamjohns
Contributor II

I have been asked to implement IPsec throughout our entire environment. We are in a MS ADS domain and I do have the option of using certificates.

All of our file servers are Windows. When I search the net for IPsec between Mac and Windows everything is VPN. I was wondering if anyone else worked in a similar environment and implemented IPsec. And if so, how you did it. Are there third-party tools I could use?

On the Windows side, I can use Kerberos authentication and not be required to use certificates. But I know that to bring in other operating systems I will need to use certificates (or possibly pre-shared keys, but I prefer not to do that). So if I only had to encompass the Windows environment I think things would be much simpler. But I am supposed to try and at least get SMB running over IPsec.

Any suggestions or pointers are much appreciated.

Aaron.

3 REPLIES

aamjohns
Contributor II

bump... No one else out there has to deal with this? I am still being pressured to resolve this issue. In the Windows environment (domain) the machines are getting certificates from the domain and our IPsec policy is certificate based. I have been asked to find a way to implement IPsec over SMB for our Macs using certificates. I have gotten nowhere googling this, and I am not sure that it is even possible. But third-party tools would not be out of the question.

Does anyone secure network traffic on their Macs using IPsec?

jaharmi
Contributor

Did you ever find a way to accomplish this? Just wondering, as I’d had a similar request in the past.

aamjohns
Contributor II

I'm sorry, I did not. We tried but never found a solution to that particular issue.

Our goal is to ensure SMB traffic is encrypted. With Windows Server 2012 (our environment) SMB3 will allow for enabling encryption on file shares. Yosemite supports SMB3 so this could allow us to accomplish our goal of encrypted traffic. We are looking into this method as a way to accomplish our goal. But it is something for the future as we have not migrated all of our file servers to Server 2012.

Have a look at this document

Jeremy, if you have a moment will you email me at aamjohns at iu dot edu? I would like to have a way to keep in touch with you about this in the future.
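
The SMB3 share encryption mentioned in the last reply, sketched as an added example that is not part of the original thread. It assumes a Windows Server 2012 or later file server with the built-in SmbShare module; the share name `ExampleShare` is a placeholder.

```powershell
# Added example: audit and enable SMB3 encryption on one file share.
# Run in an elevated PowerShell session on the file server.
# 'ExampleShare' is a placeholder, not a name from the thread.
$shareName = 'ExampleShare'

# 1. List regular (non-administrative) shares that do not yet require encryption.
Get-SmbShare -Special $false |
    Where-Object { -not $_.EncryptData } |
    Select-Object Name, Path, EncryptData

# 2. List current sessions that negotiated a dialect below SMB 3.0.
#    SMB encryption needs 3.0 or later, so these clients (for example Macs
#    that do not yet speak SMB3) would lose access once the share is encrypted.
Get-SmbSession |
    Where-Object { ([version]$_.Dialect).Major -lt 3 } |
    Select-Object ClientComputerName, ClientUserName, Dialect

# 3. Require encryption for this share only.
Set-SmbShare -Name $shareName -EncryptData $true -Force

# 4. Confirm the server-wide settings. RejectUnencryptedAccess = True means
#    a client that cannot encrypt is refused rather than served in clear text.
Get-SmbServerConfiguration |
    Select-Object EncryptData, RejectUnencryptedAccess

# 5. After clients reconnect, confirm the share setting took effect.
Get-SmbShare -Name $shareName | Select-Object Name, EncryptData
```

Running step 2 before step 3 shows which clients need to be upgraded before the share is switched over.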