Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Why can't my iPhone connect using IPsec? (re: "User authentication failed.")

    Scheduled Pinned Locked Moved 2.0-RC Snapshot Feedback and Problems - RETIRED
    51 Posts 15 Posters 44.2k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • M
      mlanner
      last edited by

      I'm almost done with my write-up. I'll take some screenshots and verify that everything works correctly in the coming days. Stay tuned.

      1 Reply Last reply Reply Quote 0
      • R
        Rook
        last edited by

        @mlanner:

        I'm almost done with my write-up. I'll take some screenshots and verify that everything works correctly in the coming days. Stay tuned.

        Excellent… thanks mlanner. Much better idea than me trying to do the same / from scratch (especially with no pressing need on my end to get the thing figured out and working).

        --Rook

        1 Reply Last reply Reply Quote 0
        • E
          ericab
          last edited by

          beautiful thanks for that !  :D

          1 Reply Last reply Reply Quote 0
          • P
            p0ddie
            last edited by

            Hi,

            eagerly awaiting the manual to set up iOS devices with IPSEC.

            Concerning OS X and VPN, I have some infos to contribute… I grew to like using OpenVPN with Viscosity on OS X. Viscosity is pretty and OpenVPN runs at user level, so it is a little easier on the system. But: Yes, Viscosity is cheap (9$), but not free. Using the OpenVPN export wizard in pfsense, setting up OpenVPN users on OS X is a matter of seconds, it really is that easy.

            Before using pfsense (so about 3-4 months ago) I happily used IPSecuritas (www.lobotomo.com) as a free (0$, Racoon-based) IPSEC client for my routers. I rolled out quite a few users with quite a few routers with IPSecuritas, is seriously rocks (not as pretty as Viscosity though).

            So, once we get the iOS dial in straight, I will see if I can contribute in documenting setting up normal IPSEC with a Mac and IPSecuritas. There is a M0n0wall wizard for IPSecuritas, but since pfsense 2 and m0n0wall differ quite a lot, I wasn't really successful yet. Didn't try as hard though, as currently OpenVPN works just fine to dial in to my pfsense box.

            1 Reply Last reply Reply Quote 0
            • E
              eri--
              last edited by

              Can you point to this m0n0 wizard?

              1 Reply Last reply Reply Quote 0
              • E
                elijahmm
                last edited by

                I'm having the problem with xauth seeming to happen before the SA is established.  Is there an easy way to apply the patch referenced http://forum.pfsense.org/index.php/topic,34135.0.html?  If I slow down the processing by enabling about 10 debugs or speed up the link it works.

                Anybody have any other idea?  I'd love to figure out what's actually happening here but any workaround that will work would be great (except using PSK, I need certificates).

                thanks

                1 Reply Last reply Reply Quote 0
                • P
                  p0ddie
                  last edited by

                  @ermal:

                  Can you point to this m0n0 wizard?

                  Sure, here you go: http://www.lobotomo.com/products/IPSecuritas/howto/m0n0wall%20HOWTO.pdf

                  1 Reply Last reply Reply Quote 0
                  • E
                    ericab
                    last edited by

                    hey mlanner;
                    any luck on your write up ? ive had absolutely no luck connecting with my ipad/iphone  ::)

                    1 Reply Last reply Reply Quote 0
                    • I
                      iler
                      last edited by

                      I'm also interested in this tutorial!

                      1 Reply Last reply Reply Quote 0
                      • P
                        p0ddie
                        last edited by

                        any updates? :-)

                        1 Reply Last reply Reply Quote 0
                        • E
                          ericab
                          last edited by

                          i hope soon ! ive been checking this thread twice daily.
                          mlanner hasnt been active here since march 21st…

                          1 Reply Last reply Reply Quote 0
                          • M
                            mlanner
                            last edited by

                            Hey everyone,

                            Just a brief update … I got slammed at work. I've completely migrated to 2.0-RC1 now and will deploy and test in the next few days. Hopefully before the weekend. I'll post details when I'm done. Promise.

                            1 Reply Last reply Reply Quote 0
                            • E
                              ericab
                              last edited by

                              anyone successfully gotten ipsec+iphone/ipad working yet ?

                              1 Reply Last reply Reply Quote 0
                              • _
                                _igor_
                                last edited by

                                Yep I use it since january more or less. Works great. I did the setup with the provided infos. Only thing when setting up the IPSEC is, you have to wait a moment before connecting your tunnel. After setting up the tunnel on pfsense i wait some time before trying. Don't know why, but minimum waiting time is 1 hour. stopping and restarting IPSEC doesn't help. Same thing happened when i changed the password in the uswr-manager. Could not connect directly, had to wait some time to get the tunnel up. I thought that some infos are cached at the iphone, but a test with the OSX IPSEC-client had the same issues.  So now i'm not sure if i'm wrong…

                                1 Reply Last reply Reply Quote 0
                                • E
                                  ericab
                                  last edited by

                                  @mlanner:

                                  Hey everyone,

                                  Just a brief update … I got slammed at work. I've completely migrated to 2.0-RC1 now and will deploy and test in the next few days. Hopefully before the weekend. I'll post details when I'm done. Promise.

                                  hello ? mlanner ?

                                  1 Reply Last reply Reply Quote 0
                                  • _
                                    _igor_
                                    last edited by

                                    @ericab: Whats your problem with connecting? Which are your questions, whats not clear for you? Maybe i can help out.

                                    At the moment i don't have an ipad, but can connect with iphone OS 3.1.2, 4.0.1, 4.3.1, with 2g, 3g, 3gs, 4. I think the ipad should be the same thing.

                                    1 Reply Last reply Reply Quote 0
                                    • S
                                      schnubert
                                      last edited by

                                      Hi!

                                      I would love it to connect my iPhone using certificates … would that be feasible and if yes what I am supposed to do?

                                      Thanks

                                      1 Reply Last reply Reply Quote 0
                                      • E
                                        ericab
                                        last edited by

                                        @_igor_:

                                        @ericab: Whats your problem with connecting? Which are your questions, whats not clear for you? Maybe i can help out.

                                        At the moment i don't have an ipad, but can connect with iphone OS 3.1.2, 4.0.1, 4.3.1, with 2g, 3g, 3gs, 4. I think the ipad should be the same thing.

                                        hi igor;
                                        the only hangup for me and most others here, is we've used this tutorial:
                                        http://forum.pfsense.org/index.php/topic,24752.msg130558/topicseen.html#msg130558

                                        and are at the point where we've successfully established a connection, but no traffic at all will pass to my main lan, nor to the internet.
                                        my LAN network is 192.168.3.0/24
                                        my ipsec network ive assigned is 192.168.4.0/24
                                        (if you need id be happy to give you screenshots of the ipsec setup.)

                                        i'm hoping you or mlanner would get a howto goin' about this, in a separate thread which we could point people to; that or hope that iOS 5 will allow for openvpn links  ::)

                                        1 Reply Last reply Reply Quote 0
                                        • _
                                          _igor_
                                          last edited by

                                          only to clear that up:

                                          After connect you can access from your phone/pad any service/documents which are located on LAN-side.
                                          You try to get access to WAN from your phone via the tunnel and have no success?
                                          You can not connect to any service/documents when trying to access from LAN to phone?

                                          So the only thing i did was setting a rule from any to any at the IPSEC-tab.
                                          I cann access from and to the phone, surfing the internet mostly fails with timeouts, but that happens on bad line. And that feature i rarely need.

                                          1 Reply Last reply Reply Quote 0
                                          • S
                                            schnubert
                                            last edited by

                                            Hey …

                                            do you use IPSEC with PSK method or via Certificates?

                                            1 Reply Last reply Reply Quote 0
                                            • First post
                                              Last post
                                            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.