IPSec VPN and iPhone
-
Another VERY IMPORTANT parameter!
The user has to have the "User - System - Shell account access" effective privilege.
I just realized that if I create a user without this parameter, there is no way to connect it to the VPN.
-
aha….. for the first time i have a connection thanks to that last bit of info.
i can't ping anything though. where is the subnet set? i see 2 places ie under mobile clients & phase 2
do they both have to match, be different and which one needs to be different to what subnets are on the router for lan/vlan?
i've tried a few combinations but to no avail.
-
First of all, let me greet everyone here, and I hope I can get some help from you on the same subject that you all had success, and that I sadly, can't seem to get it right… :( :'(
The usual suspects: iPhone 4.2.1 wants to connect via ipsec (cisco) to pfsense 2.0Beta5 (latest I could get this month).
First I did my tests from outside side WAN, then tried internal LAN, just to rule out any kind of weird problems with the DSL router.
My question is if there's some kind of guide, step by step (coz iphone is very picky with the exact settings), on how to accomplish this feat? And then once PSK works, I would like to move to the "big leagues" of the certs and have the iphone automagically connect and all that unspeakable black magic ;)
I've searched the forum, google and the usual suspects, but the info is lacking, or isn't exactly what I am searching for, that this topic seems to cover spot on.
Thank you for reading this, and I hope someone can help out this poor soul make his way (I've already pulled a lot of hair on this one...).
Carlos.
-
I'll post screenshots when I'll be back home. Too hard to do on iPad.
-
Wow, that was an unbelievably fast reply, thank you! :o
In the meantime I will be trying again with the info in http://forum.pfsense.org/index.php/topic,23519.0.html … if I manage I will post here asap the results.
--- EDIT ---
Managed finally to get the PSK part working somehow, still have to test from outside to inside WAN->LAN and see if everything is working as it should, and then, I will slap myself a couple of times, and move on to your info about CERT, and make iphone open vpn automatically, etc...
THANKS!
--- EDIT2 ---
Slapped myself once, as it is working lovely from WAN side (actually nasty 3G), but I can only ping pfsense from the iphone, and for some odd reason, the traffic in the iphone is not going through the VPN tunnel... have to investigate more...
-
Here are some screenshots.
To provide you with complete information:
- my local network is using 10.15.1.1 –> 10.15.5.255
- you have to do the ssh thing as I already mentioned
What I still have to fix:
- local network names are not resolved within the VPN
Hope it'll help
(rename the attachment to .zip)
-
Thank you very much for your help and time!!
The problem is that I can't manage to open the txt -> zip file in winrar… decompression errors... I can see there are 4 PDF files but can't extract them.
Also, do you know how to do the CERT part, where U issue a certificate to the iphone, so it connects automatically?
-
The archive was created on a mac. Just send me a private message with your e-mail and I'll send you the pdf's.
For the cert part, I have no idea for the moment.
I haven't yet found a cert mgmt tool good for me (home usage only, very simple, with a gui if possible).
So for the moment I didn't try. But I'm sure I will
-
could you post your screens as gif or jpeg here? Would be easier than sending them one by one to all people asking…
-
I'll do it tomorrow but size limits are rather strict on the forum…