Netgate Discussion Forum

    Does IPSEC in pfSense 2.0 work with the iPhone?

      sofakng

      I've been searching on the forum and it looks like IPSEC in pfSense 1.2.3 doesn't work with the iPhone.  Is this true?

      If so, does the current beta of pfSense 2.0 work with IPSEC and the iPhone?

      I believe PPTP works with the iPhone but I've heard it's not very secure but I don't know very much about VPNs, yet.

      Thanks for any advice!

        _igor_

        Yes, pf 2.0 works great with the iPhone. Please search for that; you'll find all the info about it in the 2.0 beta forum or here too. Search for "IPSEC roadwarrior".

          huntdog777

          I have been searching around the forums for the last few hours and I cannot find anything that helps me understand how to set up an IPsec VPN to an iPhone.  I looked and searched for Road Warrior and it does not work for me.  I am not sure what to paste here to get help, if there is a config dump or something that will aid in helping me.  I have tried to set up an L2TP connection; however, now, after the 3rd time of trying this, it will not even contact my pfSense wall.  I am running the most current 2.0 RC1 release.  Could someone point me in the right direction to get this set up and get to a point where I can list some output?

          Sorry I am discouraged after trying this all day today and not being any closer to fixing it.

            huntdog777

            I tried one last post before I take a break:
            http://forum.pfsense.org/index.php/topic,24752.msg130558/topicseen.html#msg130558

            I got all the way down to the bottom and the iPhone says "User Authentication Failed."

            On the pfSense it says under the IPsec log:

            racoon: [Self]: INFO: respond new phase 1 negotiation: HOMEIP[500]<=>WORKIP[9196]
            Mar 31 15:58:44	racoon: INFO: begin Aggressive mode.
            Mar 31 15:58:44	racoon: INFO: received Vendor ID: RFC 3947
            Mar 31 15:58:44	racoon: INFO: received Vendor ID: draft-ietf-ipsec-nat-t-ike-08
            Mar 31 15:58:44	racoon: INFO: received Vendor ID: draft-ietf-ipsec-nat-t-ike-07
            Mar 31 15:58:44	racoon: INFO: received Vendor ID: draft-ietf-ipsec-nat-t-ike-06
            Mar 31 15:58:44	racoon: INFO: received Vendor ID: draft-ietf-ipsec-nat-t-ike-05
            Mar 31 15:58:44	racoon: INFO: received Vendor ID: draft-ietf-ipsec-nat-t-ike-04
            Mar 31 15:58:44	racoon: INFO: received Vendor ID: draft-ietf-ipsec-nat-t-ike-03
            Mar 31 15:58:44	racoon: INFO: received Vendor ID: draft-ietf-ipsec-nat-t-ike-02
            Mar 31 15:58:44	racoon: INFO: received Vendor ID: draft-ietf-ipsec-nat-t-ike-02
            Mar 31 15:58:44	racoon: INFO: received Vendor ID: draft-ietf-ipsra-isakmp-xauth-06.txt
            Mar 31 15:58:44	racoon: INFO: received Vendor ID: CISCO-UNITY
            Mar 31 15:58:44	racoon: INFO: received Vendor ID: DPD
            Mar 31 15:58:44	racoon: [WORKIP] INFO: Selected NAT-T version: RFC 3947
            Mar 31 15:58:44	racoon: INFO: Adding remote and local NAT-D payloads.
            Mar 31 15:58:44	racoon: [WORKIP] INFO: Hashing WORKIP[9196] with algo #2
            Mar 31 15:58:44	racoon: [Self]: [HOMEIP] INFO: Hashing HOMEIP[500] with algo #2
            Mar 31 15:58:44	racoon: INFO: Adding xauth VID payload.
            Mar 31 15:58:44	racoon: [Self]: INFO: NAT-T: ports changed to: WORKIP[9206]<->HOMEIP[4500]
            Mar 31 15:58:44	racoon: [Self]: [HOMEIP] INFO: Hashing HOMEIP[4500] with algo #2
            Mar 31 15:58:44	racoon: INFO: NAT-D payload #0 verified
            Mar 31 15:58:44	racoon: [WORKIP] INFO: Hashing WORKIP[9206] with algo #2
            Mar 31 15:58:44	racoon: INFO: NAT-D payload #1 doesn't match
            Mar 31 15:58:44	racoon: [WORKIP] ERROR: notification INITIAL-CONTACT received in aggressive exchange.
            Mar 31 15:58:44	racoon: INFO: NAT detected: PEER
            Mar 31 15:58:44	racoon: INFO: Sending Xauth request
            Mar 31 15:58:44	racoon: [Self]: INFO: ISAKMP-SA established HOMEIP[4500]-WORKIP[9206] spi:00acc0dd998ac72d:4f1c0cd2bc0b1f6b
            Mar 31 15:58:44	racoon: INFO: Using port 0
            Mar 31 15:58:44	racoon: INFO: Released port 0
            Mar 31 15:58:44	racoon: INFO: login failed for user "ryan"
            Mar 31 15:58:44	racoon: ERROR: Attempt to release an unallocated address (port 0)
            Mar 31 15:58:45	racoon: ERROR: mode config 6 from WORKIP[9206], but we have no ISAKMP-SA.
            Mar 31 15:58:45	racoon: [WORKIP] ERROR: unknown Informational exchange received.
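
One way to read the racoon log above, as an added example that is not part of the original post: a small Python triage that records which negotiation stages were logged and where the attempt stopped. The function name `triage`, the verdict wording and the shortened log excerpt are assumptions made for this example; the message patterns are taken from the log lines on this page.

```python
import re

# Excerpt of the racoon log posted above (HOMEIP/WORKIP are the poster's redactions).
SAMPLE = """\
Mar 31 15:58:44 racoon: INFO: begin Aggressive mode.
Mar 31 15:58:44 racoon: INFO: NAT detected: PEER
Mar 31 15:58:44 racoon: INFO: Sending Xauth request
Mar 31 15:58:44 racoon: [Self]: INFO: ISAKMP-SA established HOMEIP[4500]-WORKIP[9206] spi:00acc0dd998ac72d:4f1c0cd2bc0b1f6b
Mar 31 15:58:44 racoon: INFO: login failed for user "ryan"
Mar 31 15:58:45 racoon: ERROR: mode config 6 from WORKIP[9206], but we have no ISAKMP-SA.
"""

# Message patterns taken from the log lines on this page.
EVENTS = {
    "exchange_mode": re.compile(r"begin (.+?) mode"),
    "nat_detected": re.compile(r"NAT detected: (\S+)"),
    "phase1_established": re.compile(r"ISAKMP-SA established (\S+)"),
    "xauth_requested": re.compile(r"(Sending Xauth request)"),
    "xauth_failed_user": re.compile(r'login failed for user "([^"]*)"'),
}

def triage(log_text):
    """Summarise one negotiation: which stages were logged and where it stopped."""
    seen = {"errors_after_failure": []}
    for line in log_text.splitlines():
        _, found, msg = line.partition("racoon: ")
        if not found:
            continue  # not a racoon line
        if "xauth_failed_user" in seen and "ERROR:" in msg:
            # Errors logged after the rejected login; read them after the cause.
            seen["errors_after_failure"].append(msg)
        for name, pattern in EVENTS.items():
            match = pattern.search(msg)
            if match and name not in seen:
                seen[name] = match.group(1)
    if "phase1_established" not in seen:
        seen["verdict"] = "phase 1 did not complete: check identifier, key and proposals"
    elif "xauth_failed_user" in seen:
        seen["verdict"] = ("phase 1 completed, Xauth rejected user %r: check that "
                           "account's password and VPN permissions" % seen["xauth_failed_user"])
    else:
        seen["verdict"] = "phase 1 completed, no Xauth failure logged"
    return seen

if __name__ == "__main__":
    for key, value in triage(SAMPLE).items():
        print(f"{key}: {value}")
```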
            
              huntdog777

              Got it to connect finally with this post:
              http://forum.pfsense.org/index.php/topic,32319.0.html

              I added VPN Shell access to the user I was using in the IPsec config.  Now I have the iPhone on a different network, 192.168.197.0/24, than my main network, 192.168.196.0/24.  I need to figure out how to route the traffic from the 192.168.197.0/24 network to my 192.168.196.0/24 network.  This all pivots around the setting in VPN:Ipsec:Mobile under Client configuration (mode-cfg), virtual address pool: "Provide a virtual IP address to clients."

              Because you put in a different network, you need a route to your LAN network.  I am not sure how to make a route to the LAN with pfSense (I am a Cisco guy).  Almost need to set up a virtual interface and have a gateway address?  Any advice?

              Attached a screenshot of the settings I have.
