Using IPsec VPNs with macOS and iOS is very simple to set up in IPFire since Core Update 14X. Settings including certificates can be imported easily into the operating systems by using Apple's configuration profiles.
The connection needs to be set up with a couple of parameters that are supported by macOS and iOS:
For each device, you will need to create a separate connection. In this example, the connection is called MyConnection, the FQDN of my IPFire system is ipfire.example.org, and my device is called my-iphone.
The connection will give the device access to the subnet 192.168.0.0/24 and assign a DNS server in that subnet. Using split-horizon DNS is optional and the field can be left empty. If you want your device to pass all traffic through the VPN, you can set the local subnet to 0.0.0.0/0.
Local ID must be set to the IPFire's FQDN prefixed by an "@" sign. Remote ID must be the device's hostname prefixed by an "@" sign, and that hostname must also be added to the certificate as a "Subject Alternative Name" prefixed with "DNS:".
Do not forget to set a password to protect the certificate.
Check the box to go to the advanced settings page after you clicked "Save".
Apple devices do not support all of the ciphers and other algorithms that IPFire does. Only the first selected option is passed into the configuration profile. The supported ones are as follows:
This variant is substantially less secure than using certificates and is therefore not recommended, but it works too. Make sure to set the local and remote IDs.
After you have created the connection, you can download the Apple configuration profile by clicking the Apple icon next to your new connection and transfer it to your device.
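Before transferring the profile, the identifier rules above can be checked against the downloaded file. The following is an added example, not IPFire's own code: it parses the profile with plistlib and verifies that the device-side identifiers mirror the IDs entered in IPFire (the device's RemoteIdentifier is IPFire's Local ID and vice versa) and that the device certificate carries the matching "DNS:" SAN. The embedded profile is a constructed, minimal IKEv2 payload using Apple's documented key names; a real IPFire export contains further payloads (certificates, PKCS#12), and the SAN list is passed in as a constructed list of strings rather than read from the certificate.

```python
import plistlib

# Constructed minimal profile for illustration only (not an IPFire export).
SAMPLE_PROFILE = b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0"><dict>
  <key>PayloadContent</key><array><dict>
    <key>PayloadType</key><string>com.apple.vpn.managed</string>
    <key>UserDefinedName</key><string>MyConnection</string>
    <key>IKEv2</key><dict>
      <key>RemoteAddress</key><string>ipfire.example.org</string>
      <key>RemoteIdentifier</key><string>ipfire.example.org</string>
      <key>LocalIdentifier</key><string>my-iphone</string>
      <key>AuthenticationMethod</key><string>Certificate</string>
    </dict>
  </dict></array>
</dict></plist>"""


def bare(ident):
    """Strip the leading '@' used by the IPFire/strongSwan ID syntax."""
    return ident[1:] if ident.startswith("@") else ident


def check_profile(profile_bytes, ipfire_local_id, ipfire_remote_id, cert_sans):
    """Return a list of mismatches between the IDs entered in IPFire
    (e.g. '@ipfire.example.org' / '@my-iphone'), the profile's IKEv2
    identifiers and the device certificate's SANs given in OpenSSL
    notation ('DNS:my-iphone'). An empty list means everything agrees."""
    problems = []
    plist = plistlib.loads(profile_bytes)
    vpn = [p for p in plist.get("PayloadContent", [])
           if p.get("PayloadType") == "com.apple.vpn.managed"]
    if not vpn:
        return ["profile has no com.apple.vpn.managed payload"]
    ike = vpn[0].get("IKEv2", {})
    # The device sees the mirror image of IPFire's configuration.
    if bare(ike.get("RemoteIdentifier", "")) != bare(ipfire_local_id):
        problems.append("profile RemoteIdentifier does not match IPFire Local ID")
    if bare(ike.get("LocalIdentifier", "")) != bare(ipfire_remote_id):
        problems.append("profile LocalIdentifier does not match IPFire Remote ID")
    # The Remote ID hostname must appear as a DNS SAN in the device certificate.
    if "DNS:" + bare(ipfire_remote_id) not in cert_sans:
        problems.append("device certificate lacks SAN DNS:" + bare(ipfire_remote_id))
    return problems


if __name__ == "__main__":
    print(check_profile(SAMPLE_PROFILE, "@ipfire.example.org",
                        "@my-iphone", ["DNS:my-iphone"]))
```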
Optionally, you can edit the profile with Apple Configurator 2 if you need custom settings.
Import the profile; you will be asked for the password for the private key.
After the profile has been imported, the VPN will connect automatically and will remain established whenever possible.