Netgate Discussion Forum

    Why can't my iPhone connect using IPsec? (re: "User authentication failed.")

    2.0-RC Snapshot Feedback and Problems - RETIRED
      ericab

      bump  ???

        rpsmith

        ericab:

        https://portal.pfsense.org/index.php/support-subscription

        or wait until they have time to implement this feature.

        Roy…

          caseystone

          I followed the detailed tutorial linked by -igor- on the previous page. I nearly got it to work, but it fails with this error (in pfSense logs):

          racoon: ERROR: phase1 negotiation failed due to time up  [some long hash here]

          I'm going to try with the same setup but OS X 10.6.6 as the VPN client. I've been waiting for quite some time to get reliable secure VPN from OS X back to pfSense. I've gotten PPTP to work sometimes, but not reliably, and I've heard the security is weak.

            Rook

            For what it's worth, I've had good luck with OpenVPN and 10.6.6, using Viscosity as the client. Not sure if OpenVPN is considered secure enough for you, but it's been reliable and effective for me.

            –Rook

              caseystone

              I need to try it more, but I think it will work fine, this setup, with OS X even if not iPhone. I tested it today and it brought up the connection but immediately Snort blocked the IP I was on. I'll report back once I adjust the Snort rule tuning and can test it again. I've never tried Viscosity, only Tunnelblick which I wasn't crazy about.

                Rook

                I did have to adjust some firewall rules, specifically (if I recall right) explicitly allowing traffic from VPN clients to WAN. OpenVPN Wizard took care of most of the rest of it, though I did set it up with an earlier beta. Didn't take too much trial and error to get the basics working well.

                I'm pretty pleased with Viscosity as a VPN client. I had used the Cisco client for OS X as well as Shimo in the past. I prefer the UI, logging, and connection info provided by Viscosity to those others. Like Shimo it runs as a menu item with a detail screen you can pop open if the need arises. It's not free, but not too expensive either ($9). Looks like Shimo supports OpenVPN now as well, but I wasn't a huge fan of the UI in the (older) version I used to run to connect to a Cisco VPN for a former job. Hated the logging and connection detail views. It might be better now, that was a few years back. Either way, it is more expensive at €16 (but handles more VPN connection types).

                As for iOS, correct there's nothing official but I have tried out and verified an OpenVPN client available for jailbroken phones via Cydia called GuizmOVPN. €5, but has a 7 day free trial to make sure things work. See more here:
                http://www.guizmovpn.com/

                Anyway, hope some of that helped someone…

                --Rook

                  ericab

                  @Rook:

                  I did have to adjust some firewall rules, specifically (if I recall right) explicitly allowing traffic from VPN clients to WAN. OpenVPN Wizard took care of most of the rest of it, though I did set it up with an earlier beta. Didn't take too much trial and error to get the basics working well.

                  I'm pretty pleased with Viscosity as a VPN client. I had used the Cisco client for OS X as well as Shimo in the past. I prefer the UI, logging, and connection info provided by Viscosity to those others. Like Shimo it runs as a menu item with a detail screen you can pop open if the need arises. It's not free, but not too expensive either ($9). Looks like Shimo supports OpenVPN now as well, but I wasn't a huge fan of the UI in the (older) version I used to run to connect to a Cisco VPN for a former job. Hated the logging and connection detail views. It might be better now, that was a few years back. Either way, it is more expensive at €16 (but handles more VPN connection types).

                  As for iOS, correct there's nothing official but I have tried out and verified an OpenVPN client available for jailbroken phones via Cydia called GuizmOVPN. €5, but has a 7 day free trial to make sure things work. See more here:
                  http://www.guizmovpn.com/

                  Anyway, hope some of that helped someone…

                  --Rook

                  Rook, thanks for that, I'm going to look into GuizmOVPN as soon as I can jailbreak my iPad 2 (finally got one!).
                  In the meantime, I would love it (and even be willing to PayPal you some $ for your troubles if you could help me, or even write a howto so others could read it as well) if you'd write a step-by-step for allowing my iPad to connect to my pfSense 2.0 RC IPsec server. I've had no luck so far. :/

                  -ericab

                    Rook

                    Haven't tried setting up IPSec yet… and no iPad... but if I get some time I'll give it a go with the smaller iDevices. I wouldn't pin your hopes on me though– relatively new to pfSense, started with 1.2.3 and then quickly started using the 2.0 betas, and just trial/error'd my way through the base setup(s), then some of the firewall tweaking, snort, squid, traffic shaping, then OpenVPN.

                    That said, if I do get the time and make some headway, I'll write something up. Least I can do for all the help I've had here reading through the posts.

                    --Rook

                      mlanner

                      I'm almost done with my write-up. I'll take some screenshots and verify that everything works correctly in the coming days. Stay tuned.

                        Rook

                        @mlanner:

                        I'm almost done with my write-up. I'll take some screenshots and verify that everything works correctly in the coming days. Stay tuned.

                        Excellent… thanks mlanner. Much better idea than me trying to do the same / from scratch (especially with no pressing need on my end to get the thing figured out and working).

                        --Rook

                          ericab

                          beautiful thanks for that !  :D

                            p0ddie

                            Hi,

                            eagerly awaiting the manual to set up iOS devices with IPSEC.

                            Concerning OS X and VPN, I have some info to contribute… I grew to like using OpenVPN with Viscosity on OS X. Viscosity is pretty and OpenVPN runs at user level, so it is a little easier on the system. But: Yes, Viscosity is cheap (9$), but not free. Using the OpenVPN export wizard in pfSense, setting up OpenVPN users on OS X is a matter of seconds, it really is that easy.

                            Before using pfSense (so about 3-4 months ago) I happily used IPSecuritas (www.lobotomo.com) as a free (0$, Racoon-based) IPsec client for my routers. I rolled out quite a few users with quite a few routers with IPSecuritas, it seriously rocks (not as pretty as Viscosity though).

                            So, once we get the iOS dial in straight, I will see if I can contribute in documenting setting up normal IPSEC with a Mac and IPSecuritas. There is a M0n0wall wizard for IPSecuritas, but since pfsense 2 and m0n0wall differ quite a lot, I wasn't really successful yet. Didn't try as hard though, as currently OpenVPN works just fine to dial in to my pfsense box.

                              eri--

                              Can you point to this m0n0 wizard?

                                elijahmm

                                I'm having the problem with xauth seeming to happen before the SA is established. Is there an easy way to apply the patch referenced at http://forum.pfsense.org/index.php/topic,34135.0.html? If I slow down the processing by enabling about 10 debugs or speed up the link, it works.

                                Anybody have any other idea?  I'd love to figure out what's actually happening here but any workaround that will work would be great (except using PSK, I need certificates).

                                thanks

                                  p0ddie

                                  @ermal:

                                  Can you point to this m0n0 wizard?

                                  Sure, here you go: http://www.lobotomo.com/products/IPSecuritas/howto/m0n0wall%20HOWTO.pdf

                                    ericab

                                    hey mlanner;
                                    any luck on your write-up? I've had absolutely no luck connecting with my iPad/iPhone  ::)

                                      iler

                                      I'm also interested in this tutorial!

                                        p0ddie

                                        any updates? :-)

                                          ericab

                                          I hope soon! I've been checking this thread twice daily.
                                          mlanner hasn't been active here since March 21st…

                                            mlanner

                                            Hey everyone,

                                            Just a brief update … I got slammed at work. I've completely migrated to 2.0-RC1 now and will deploy and test in the next few days. Hopefully before the weekend. I'll post details when I'm done. Promise.

                                            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.