Why can't my iPhone connect using IPsec? (re: "User authentication failed.")
-
Here is a really good entry: http://forum.pfsense.org/index.php/topic,24752.msg130558/topicseen.html#msg130558
-
I'd be happy to write up a tutorial if someone were to give me an iPad/iPad 2. Sadly, I can't document something I don't have access to… :-)
-
jimp,
I can't provide an iPad, but I'd be happy to contribute to a "bounty." Alternatively, I would consider contributing an iPod Touch. I know that's not as fun as an iPad, but for all intents and purposes when it comes to iDevice testing and documentation, it should work just fine.
-
A guide might not be all it takes. I might be wrong, hopefully I am, but it might be worth looking into this before handing out ipods.
http://forum.pfsense.org/index.php/topic,34135.0.htmlIt all depends where the other thread takes us. If it's only me having that problem I will put some more time into figuring it out (settings seems to work, it "just" randomly fails). If it turns out to be a configuration issue and if a guide is all it takes I'd be happy to write it (without the donation) when I get it to work.
-
I got it working … finally. I made some mods based on igor's link. I'll write it all up and post it. Maybe it can be added to the wiki.
fredriks: I don't think it's as simple matter of "handing out iPods." I know jimp and a bunch of other contributors are spending a lot of time working on pfSense -- free for everyone -- and if a iPod = creating good documentation of an issue I (and others) couldn't solve myself, then I think an iPod is a small amount to contribute. As it is, I've solved it and will contribute the documentation myself in a few days instead of an iDevice. Again, for free to the pfSense community. :)
-
I was half kidding about the donation bit. :-)
Chris has an iPhone, as do some other devs, and I think one of them may at least have access to an iPad, but it's one thing to have it and another thing to document it.
I currently don't have any iOS devices, but that may change in time. Perhaps we'll hold the 2.0 release hostage until we all get iPad 2's. ;-)
/kidding
//I think
///2 for 2! -
hey, any updates on this ?
id love for an ipsec HOWTO. (im a bit lost here)
tommorow i am buying an ipad2 ;D
-
I was wondering, why there are no privileges that can be assigned for IPSec dialin in the user-manager…
would make things easyer in this case, right ? -
yes, we need to make a permission for IPsec VPN yet. It doesn't exist now, but it will before 2.0 is released.
-
hey, any updates on this ?
id love for an ipsec HOWTO. (im a bit lost here)
tommorow i am buying an ipad2 ;D
bump.
-
bump ???
-
ericab:
https://portal.pfsense.org/index.php/support-subscription
or wait until they have time to implement this feature.
Roy…
-
I followed the detailed tutorial linked -igor- in previous page. I nearly got it to work, but it fails with this error (in pfSense logs):
racoon: ERROR: phase1 negotiation failed due to time up [some long hash here]
I'm going to try with same setup but OS X 10.6.6 as the VPN client. I've been waiting for quite some time to get reliable secure VPN from OS X back to pfSense. I've gotten PPTP to work some times, but not reliably and I've heard the security is weak.
-
For what it's worth, I've had good luck with OpenVPN and 10.6.6, using Viscosity as the client. Not sure if OpenVPN is considered secure enough for you, but it's been relibale and effective for me.
–Rook
-
I need to try it more, but I think it will work fine, this setup, with OS X even if not iPhone. I tested it today and it brought up the connection but immediately Snort blocked the IP I was on. I'll report back once I adjust the Snort rule tuning and can test it again. I've never tried Viscosity, only Tunnelblick which I wasn't crazy about.
-
I did have to adjust some firewall rules, specifically (if I recall right) explicitly allowing traffic from VPN clients to WAN. OpenVPN Wizard took care of most of the rest of it, though I did set it up with an earlier beta. Didn't take too much trial and error to get the basics working well.
I'm pretty pleased with Viscosity as a VPN client. I had used the Cisco client for OS X as well as Shimo in the past. I prefer the UI, logging, and connection info provided by Viscocity than those others. Like Shimo it runs as a menu item with a detail screen you can pop open if the need arises. It's not free, but not too expensive either ($9). Looks like Shimo supports OpenVPN now as well, but I wasn't a huge fan of the UI in the (older) version I used to run to connect to a CiscoVPN for a former job. Hated the logging and connection detail views. It might be better now, that was a few years back. Either way, it is more expensive at €16 (but handles more VPN connection types).
As for iOS, correct there's nothing official but I have tried out and verified an OpenVPN client available for jailbroken phones via Cydia called GuizmOVPN. €5, but has a 7 day free trial to make sure things work. See more here:
http://www.guizmovpn.com/Anyway, hope some of that helped someone…
--Rook
-
I did have to adjust some firewall rules, specifically (if I recall right) explicitly allowing traffic from VPN clients to WAN. OpenVPN Wizard took care of most of the rest of it, though I did set it up with an earlier beta. Didn't take too much trial and error to get the basics working well.
I'm pretty pleased with Viscosity as a VPN client. I had used the Cisco client for OS X as well as Shimo in the past. I prefer the UI, logging, and connection info provided by Viscocity than those others. Like Shimo it runs as a menu item with a detail screen you can pop open if the need arises. It's not free, but not too expensive either ($9). Looks like Shimo supports OpenVPN now as well, but I wasn't a huge fan of the UI in the (older) version I used to run to connect to a CiscoVPN for a former job. Hated the logging and connection detail views. It might be better now, that was a few years back. Either way, it is more expensive at €16 (but handles more VPN connection types).
As for iOS, correct there's nothing official but I have tried out and verified an OpenVPN client available for jailbroken phones via Cydia called GuizmOVPN. €5, but has a 7 day free trial to make sure things work. See more here:
http://www.guizmovpn.com/Anyway, hope some of that helped someone…
--Rook
Rook, thanks for that, im going to look into guizmovpn, as soon as i can jailbreak my ipad2 (finally got one!).
in the meantime, i would love it (and even be willing to paypal you some $ for your troubles if you could help me ((or even write a howto so others could read it aswell)) if you'd write a step-by step for allowing my ipad to connect to my pfSense 2.0 RC, IPSec server. ive had no luck sofar. :/-ericab
-
Haven't tried setting up IPSec yet… and no iPad... but if I get some time I'll give it a go with the smaller iDevices. I wouldn't pin your hopes on me though– relatively new to pfSense, started with 1.2.3 and then quickly started using the 2.0 betas, and just trial/error'd my way through the base setup(s), then some of the firewall tweaking, snort, squid, traffic shaping, then OpenVPN.
That said, if I do get the time and make some headway, I'll write something up. Least I can do for all the help I've had here reading through the posts.
--Rook
-
I'm almost done with my write-up. I'll take some screenshots and verify that everything works correctly in the coming days. Stay tuned.
-
I'm almost done with my write-up. I'll take some screenshots and verify that everything works correctly in the coming days. Stay tuned.
Excellent… thanks mlanner. Much better idea than me trying to do the same / from scratch (especially with no pressing need on my end to get the thing figured out and working).
--Rook