IPhone + IPSec
-
Anyone had success with iPhone > 3.1.2 and IPSec yet? I'd really like to use this over PPTP.
-
Anyone had success with iPhone > 3.1.2 and IPSec yet? I'd really like to use this over PPTP.
Pure IPSec is still not working. As far as I know PPTP should work fine, though I have not tried it myself.
-
It does, as the only reasonable VPN solution for the iPhone right now.
L2TP is at the moment plain Layer 2 tunneled traffic without IPSec, just authentication so far..
OpenVPN on a jailbroken iPhone is hell in itself.
So if you aren't comfortable configuring the IPSec part manually, I think you have to wait..
But still, 2.0 Beta?!? I mean, wonderful, brilliant..
-
Hi folks,
VPN-ing is really a mess with a mobile device. Even if you successfully set up a working PPTP tunnel over WiFi, it won't necessarily work over 3G (UMTS): here in Germany Vodafone somehow uses a proxy to minify images, and the user can not turn it off in any way. The Vodafone Mac team has been working on the VPN problem since the iPad was rolled out, but still with no success (after 4 months).
IPSec on Apple's mobile devices is made by Cisco.
If we had Cisco routers, we wouldn't be reading this pfSense forum :-/
After no success with our pfSense we tried some alternatives, and found a solution which we had to compile into our Gentoo.
Strongswan allows, in its compilable version, setting a Cisco parameter, and we were able to set up an IPSec tunnel which is working over 3G and EDGE too, just by following the instructions. Even if it is a bit off-topic (because the solution is not in pfsense), this info could probably help to enhance the 2.x pfsense to be able to do this job too (which I would prefer).
-
Have you tried a recent 2.0 beta?
Lots of things have changed in there since the last post in this thread.
-
Yeah iOS devices and mobile IPsec work great now. One last fix for DNS specific to Cisco clients went in several days ago, though it worked at least a couple weeks prior to that aside from DNS.
-
I keep getting a login failure even though I've followed the instructions on this post.
Any idea why? I take it you just add a user (with no privileges) and enter a preshared key under that user?
Dec 30 16:51:31 racoon: [Mobile Clients]: ERROR: unknown Informational exchange received.
Dec 30 16:51:31 racoon: [Mobile Clients]: ERROR: mode config 6 from XXX.XXX.XXX.XXX[58036], but we have no ISAKMP-SA.
Dec 30 16:51:31 racoon: [Mobile Clients]: ERROR: Attempt to release an unallocated address (port 0)
Dec 30 16:51:31 racoon: [Mobile Clients]: INFO: login failed for user "vpnuser"
Dec 30 16:51:31 racoon: [Mobile Clients]: INFO: Released port 0
Dec 30 16:51:31 racoon: [Mobile Clients]: INFO: Using port 0
Dec 30 16:51:31 racoon: [Mobile Clients]: INFO: ISAKMP-SA established XXX.XXX.XXX.XXX[4500]-XXX.XXX.XXX.XXX[58036] spi:92cbc9035936dcda:6839598826f513a5
Dec 30 16:51:31 racoon: [Mobile Clients]: INFO: Sending Xauth request
Dec 30 16:51:31 racoon: [Mobile Clients]: INFO: NAT detected: PEER
Dec 30 16:51:31 racoon: [Mobile Clients]: WARNING: ignore INITIAL-CONTACT notification, because it is only accepted after phase1.
Dec 30 16:51:31 racoon: [Mobile Clients]: INFO: NAT-D payload #1 doesn't match
Dec 30 16:51:31 racoon: [Mobile Clients]: INFO: Hashing XXX.XXX.XXX.XXX[58036] with algo #2
Dec 30 16:51:31 racoon: [Mobile Clients]: INFO: NAT-D payload #0 verified
Dec 30 16:51:31 racoon: [Mobile Clients]: INFO: Hashing XXX.XXX.XXX.XXX[4500] with algo #2
Dec 30 16:51:31 racoon: [Mobile Clients]: INFO: NAT-T: ports changed to: XXX.XXX.XXX.XXX[58036]<->XXX.XXX.XXX.XXX[4500]
Dec 30 16:51:30 racoon: [Mobile Clients]: INFO: Adding xauth VID payload.
Dec 30 16:51:30 racoon: [Mobile Clients]: INFO: Hashing XXX.XXX.XXX.XXX[500] with algo #2
Dec 30 16:51:30 racoon: [Mobile Clients]: INFO: Hashing XXX.XXX.XXX.XXX[58034] with algo #2
Dec 30 16:51:30 racoon: [Mobile Clients]: INFO: Adding remote and local NAT-D payloads.
Dec 30 16:51:30 racoon: [Mobile Clients]: INFO: Selected NAT-T version: RFC 3947
Dec 30 16:51:30 racoon: [Mobile Clients]: WARNING: No ID match.
Dec 30 16:51:30 racoon: [Mobile Clients]: INFO: received Vendor ID: DPD
Dec 30 16:51:30 racoon: [Mobile Clients]: INFO: received Vendor ID: CISCO-UNITY
Dec 30 16:51:30 racoon: [Mobile Clients]: INFO: received Vendor ID: draft-ietf-ipsra-isakmp-xauth-06.txt
Dec 30 16:51:30 racoon: [Mobile Clients]: INFO: received Vendor ID: draft-ietf-ipsec-nat-t-ike-02
Dec 30 16:51:30 racoon: [Mobile Clients]: INFO: received Vendor ID: draft-ietf-ipsec-nat-t-ike-02
Dec 30 16:51:30 racoon: [Mobile Clients]: INFO: received Vendor ID: draft-ietf-ipsec-nat-t-ike-03
Dec 30 16:51:30 racoon: [Mobile Clients]: INFO: received Vendor ID: draft-ietf-ipsec-nat-t-ike-04
Dec 30 16:51:30 racoon: [Mobile Clients]: INFO: received Vendor ID: draft-ietf-ipsec-nat-t-ike-05
Dec 30 16:51:30 racoon: [Mobile Clients]: INFO: received Vendor ID: draft-ietf-ipsec-nat-t-ike-06
Dec 30 16:51:30 racoon: [Mobile Clients]: INFO: received Vendor ID: draft-ietf-ipsec-nat-t-ike-07
Dec 30 16:51:30 racoon: [Mobile Clients]: INFO: received Vendor ID: draft-ietf-ipsec-nat-t-ike-08
Dec 30 16:51:30 racoon: [Mobile Clients]: INFO: received Vendor ID: RFC 3947
Dec 30 16:51:30 racoon: [Mobile Clients]: INFO: begin Aggressive mode.
-
The constant login failed is the EXACT same problem I'm having…
Can anybody help? :(
-
See this thread http://forum.pfsense.org/index.php/topic,32319.0.html
-
I had this working in a dev environment but the configuration got lost during a rebuild for a different test. Following the various posts in here I am able to login and get an IP assigned from the local mobile pool but I can't get traffic in either direction.
Internal Network: 10.0.0.0/16
Mobile IP Network 10.0.35.5/29
Can provide any additional information as needed. Using pfsense 2.0 Beta5 Feb 7 21:37 snapshot.
Thanks!
-
I can't get traffic in either direction.
Internal Network: 10.0.0.0/16
Mobile IP Network 10.0.35.5/29
Your mobile IP network lies within your internal network, thus traffic never gets routed out because there's no need to.
Address: 10.0.0.0
Netmask: 255.255.0.0 = 16
=>
Network: 10.0.0.0/16
Broadcast: 10.0.255.255
HostMin: 10.0.0.1
HostMax: 10.0.255.254
Hosts/Net: 65534 (Private Internet)
-
Thanks. I honestly thought that I had tried 10.1.35.0/24 before I did a post but maybe it was before I resolved a FW rule and didn't go back to it. Things seem to be working now. Thanks for making me look at it again!
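The overlap diagnosed above (mobile client pool 10.0.35.5/29 sitting inside the LAN 10.0.0.0/16) is easy to check before touching the firewall. This is an added example, not code from the thread or from pfSense; the network values are the ones posted in the thread plus a constructed DMZ net, and the function names are my own.

```python
import ipaddress


def normalize_pool(mobile_pool):
    """Return the pool as a proper network (pfSense accepts a host address
    like 10.0.35.5/29 and uses the enclosing /29, so mimic that)."""
    return ipaddress.ip_network(mobile_pool, strict=False)


def pool_overlaps(mobile_pool, internal_nets):
    """Internal networks that the mobile client pool overlaps.
    Any hit means LAN hosts route replies locally instead of via the tunnel."""
    pool = normalize_pool(mobile_pool)
    return [n for n in internal_nets
            if pool.overlaps(ipaddress.ip_network(n, strict=False))]


def check_mobile_pool(mobile_pool, internal_nets):
    """Summarize a candidate mobile IPsec pool against the internal networks."""
    pool = normalize_pool(mobile_pool)
    # Usable client addresses: /31 and /32 have no network/broadcast to reserve.
    usable = pool.num_addresses if pool.prefixlen >= 31 else pool.num_addresses - 2
    overlaps = pool_overlaps(mobile_pool, internal_nets)
    return {
        "network": str(pool),
        "usable_hosts": usable,
        "overlaps": overlaps,
        "ok": not overlaps,
    }


if __name__ == "__main__":
    # Constructed sample: LAN from the thread plus a hypothetical DMZ.
    internal = ["10.0.0.0/16", "192.168.50.0/24"]
    for candidate in ("10.0.35.5/29", "10.1.35.0/24"):
        print(candidate, check_mobile_pool(candidate, internal))
```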