Route10 Configuration from Alta Control
-
Log in to
manage.alta.inc
, or use your local Control address (version 1.0j or later is required for local Control instances). - Navigate to the Network section.
- Open the configuration card for your Route10 by selecting its icon.
-
Switch to the VPN tab and open the IPSec Server settings.
- Toggle Enable to turn on the VPN.
- Set the Mode to IKEv2 using the dropdown menu.
-
Enter your desired subnet (e.g.,
192.168.42.1/28
). - Optionally, specify custom DNS servers.
- Leave IPSec ID blank for now, as this will be used when custom certificates are supported in the future.
-
Save your configuration.
-
Find the dynamic hostname generated for your VPN server in the VPN settings:
-
Double-click the full hostname found beside Certificate, and right click or press Ctrl + V to copy it (e.g.,
28ip6hy5z93.k72v8qx1n54.ddns.manage.alta.inc
). - Use this hostname as the remote ID or IPSec ID when configuring VPN clients.
-
Double-click the full hostname found beside Certificate, and right click or press Ctrl + V to copy it (e.g.,
- Navigate to the Auth tab, toggle Enable on, and click Save. If Auth is already enabled and users are populated, skip this step and step 7.
-
Add a user:
- Select Add User.
- Enter the username and password.
- Leave WiFi VLAN and IPSec VPN IP blank unless you know their purpose.
-
Repeat for as many users as desired, then save your changes.
Note: Users in Auth are intentionally limited to one active session. Each client device connecting to the VPN requires its own user profile. A comprehensive article on the authentication server is forthcoming, and this article will be updated to include a reference once it becomes available.
Client Configuration
Note: The client configuration steps below use an example hostname. Please be sure to replace the example hostname with the actual hostname from your site, as using the example will result in failure. It is found beside Certificate as mentioned above in step 5.
Windows 11
- Click Start → Settings → Network & Internet → VPN.
- Click Add VPN.
-
Fill out the following information:
- VPN provider: Windows (built-in).
- Connection name: Route10 VPN (or any name you prefer).
- Server name or address (DDNS address):
28ip6hy5z93.k72v8qx1n54.ddns.manage.alta.inc
- VPN type: IKEv2.
- Type of sign-in info: Username and password.
- Username: Enter your username
- Password: Enter your password
- Click Save.
- Back in the VPN settings, click Connect next to your Route10 VPN.
macOS
- Click System Settings on the dock, or go to the Apple icon in the top-left and select System Settings.
- Navigate to VPN. (If VPN isn’t present, go to System Settings>Network, and then in the lower right click the … menu)
- Choose Add VPN Configuration….
- Select IKEv2.
-
Fill out the following information:
- Display name: Route10 VPN (or any name you prefer).
- Server address:
28ip6hy5z93.k72v8qx1n54.ddns.manage.alta.inc
- Remote ID:
28ip6hy5z93.k72v8qx1n54.ddns.manage.alta.inc
- User authentication: Username
- Username: Enter your username
- Password: Enter your password
- Click Create.
- Toggle the connection beside your new VPN profile in the VPN menu to connect.
Ubuntu Desktop (24.04.1 or similar)
-
Open the Terminal and run:
sudo apt update && sudo apt install -y strongswan network-manager-strongswan libcharon-extra-plugins
- Exit the terminal.
- Open Settings → Network (click Network on the left if not loaded by default).
- Click the + symbol next to VPN.
- Choose IPSec/IKEv2 (strongSwan).
-
Fill out the following information:
- Name: Route10 VPN (or any name you prefer).
- Server Address:
28ip6hy5z93.k72v8qx1n54.ddns.manage.alta.inc
-
Server Identity:
28ip6hy5z93.k72v8qx1n54.ddns.manage.alta.inc
- Client authentication: EAP (Username/Password)
- Username: Enter your username
- (Optional) Beside the password field, click the question mark to choose whether the password is saved for the current user or all users. If enabled, enter password to save.
- Enable Request an inner IP address.
- (Optional) Enabling Enforce UDP encapsulation can improve compatibility, particularly in NAT Traversal (NAT-T) scenarios, but may not be necessary in all environments.
- Click Add.
- Toggle the VPN connection in Settings, or use the control center in the top-right corner.
Android
Native System Client
- Go to Settings → Connections → More Connection Settings → VPN.
- Tap the menu (top-right) and select Add VPN Profile.
-
Fill out the following information:
- Name: Route10 VPN (or any name you prefer).
- Type: IKEv2/IPSec MSCHAPv2
- Server address:
28ip6hy5z93.k72v8qx1n54.ddns.manage.alta.inc
- IPSec identifier:
28ip6hy5z93.k72v8qx1n54.ddns.manage.alta.inc
- Username: Enter your username
- Password: Enter your password
- Tap Save.
- Tap the VPN and click Connect.
Alternate Client: strongSwan
- Download the strongSwan client from the Play Store.
- Open the app and allow permissions.
- Tap Add VPN Profile.
-
Fill out the following information:
- Server:
28ip6hy5z93.k72v8qx1n54.ddns.manage.alta.inc
- VPN Type: IKEv2 (Username/Password).
- Username: Enter your username
- Password: Enter your password
- Profile name: Route10 VPN (or any name you prefer).
- Server:
- Tap Save.
- Tap the VPN to connect.
iOS/iPadOS
- Go to Settings → VPN (or General → VPN & Device Management → VPN if no profiles exist).
- Tap Add VPN Configuration….
- Select IKEv2 as the type.
-
Fill out the following information:
- Description: Route10 VPN (or any name you prefer).
- Server:
28ip6hy5z93.k72v8qx1n54.ddns.manage.alta.inc
- Remote ID:
28ip6hy5z93.k72v8qx1n54.ddns.manage.alta.inc
- User authentication: Username
- Username: Enter your username
- Password: Enter your password
- Tap Done.
- Select the VPN in the list and toggle the connection on.
Optional (Advanced users only): Add the Root CA for Certificate Verification
- Obtain the .pem file for the root CA (e.g., Let’s Encrypt ISRG Root X1).
- Follow the respective OS instructions to install the certificate.
- Set it as the CA certificate for validation.
Related to
Comments
0 comments
Article is closed for comments.