Why can't my iPhone connect using IPsec? (re: "User authentication failed.")
-
Hi,
eagerly awaiting the manual to set up iOS devices with IPSEC.
Concerning OS X and VPN, I have some infos to contribute… I grew to like using OpenVPN with Viscosity on OS X. Viscosity is pretty and OpenVPN runs at user level, so it is a little easier on the system. But: Yes, Viscosity is cheap (9$), but not free. Using the OpenVPN export wizard in pfsense, setting up OpenVPN users on OS X is a matter of seconds, it really is that easy.
Before using pfsense (so about 3-4 months ago) I happily used IPSecuritas (www.lobotomo.com) as a free (0$, Racoon-based) IPSEC client for my routers. I rolled out quite a few users with quite a few routers with IPSecuritas, is seriously rocks (not as pretty as Viscosity though).
So, once we get the iOS dial in straight, I will see if I can contribute in documenting setting up normal IPSEC with a Mac and IPSecuritas. There is a M0n0wall wizard for IPSecuritas, but since pfsense 2 and m0n0wall differ quite a lot, I wasn't really successful yet. Didn't try as hard though, as currently OpenVPN works just fine to dial in to my pfsense box.
-
Can you point to this m0n0 wizard?
-
I'm having the problem with xauth seeming to happen before the SA is established. Is there an easy way to apply the patch referenced http://forum.pfsense.org/index.php/topic,34135.0.html? If I slow down the processing by enabling about 10 debugs or speed up the link it works.
Anybody have any other idea? I'd love to figure out what's actually happening here but any workaround that will work would be great (except using PSK, I need certificates).
thanks
-
@ermal:
Can you point to this m0n0 wizard?
Sure, here you go: http://www.lobotomo.com/products/IPSecuritas/howto/m0n0wall%20HOWTO.pdf
-
hey mlanner;
any luck on your write up ? ive had absolutely no luck connecting with my ipad/iphone ::) -
I'm also interested in this tutorial!
-
any updates? :-)
-
i hope soon ! ive been checking this thread twice daily.
mlanner hasnt been active here since march 21st… -
Hey everyone,
Just a brief update … I got slammed at work. I've completely migrated to 2.0-RC1 now and will deploy and test in the next few days. Hopefully before the weekend. I'll post details when I'm done. Promise.
-
anyone successfully gotten ipsec+iphone/ipad working yet ?
-
Yep I use it since january more or less. Works great. I did the setup with the provided infos. Only thing when setting up the IPSEC is, you have to wait a moment before connecting your tunnel. After setting up the tunnel on pfsense i wait some time before trying. Don't know why, but minimum waiting time is 1 hour. stopping and restarting IPSEC doesn't help. Same thing happened when i changed the password in the uswr-manager. Could not connect directly, had to wait some time to get the tunnel up. I thought that some infos are cached at the iphone, but a test with the OSX IPSEC-client had the same issues. So now i'm not sure if i'm wrong…
-
Hey everyone,
Just a brief update … I got slammed at work. I've completely migrated to 2.0-RC1 now and will deploy and test in the next few days. Hopefully before the weekend. I'll post details when I'm done. Promise.
hello ? mlanner ?
-
@ericab: Whats your problem with connecting? Which are your questions, whats not clear for you? Maybe i can help out.
At the moment i don't have an ipad, but can connect with iphone OS 3.1.2, 4.0.1, 4.3.1, with 2g, 3g, 3gs, 4. I think the ipad should be the same thing.
-
Hi!
I would love it to connect my iPhone using certificates … would that be feasible and if yes what I am supposed to do?
Thanks
-
@ericab: Whats your problem with connecting? Which are your questions, whats not clear for you? Maybe i can help out.
At the moment i don't have an ipad, but can connect with iphone OS 3.1.2, 4.0.1, 4.3.1, with 2g, 3g, 3gs, 4. I think the ipad should be the same thing.
hi igor;
the only hangup for me and most others here, is we've used this tutorial:
http://forum.pfsense.org/index.php/topic,24752.msg130558/topicseen.html#msg130558and are at the point where we've successfully established a connection, but no traffic at all will pass to my main lan, nor to the internet.
my LAN network is 192.168.3.0/24
my ipsec network ive assigned is 192.168.4.0/24
(if you need id be happy to give you screenshots of the ipsec setup.)i'm hoping you or mlanner would get a howto goin' about this, in a separate thread which we could point people to; that or hope that iOS 5 will allow for openvpn links ::)
-
only to clear that up:
After connect you can access from your phone/pad any service/documents which are located on LAN-side.
You try to get access to WAN from your phone via the tunnel and have no success?
You can not connect to any service/documents when trying to access from LAN to phone?So the only thing i did was setting a rule from any to any at the IPSEC-tab.
I cann access from and to the phone, surfing the internet mostly fails with timeouts, but that happens on bad line. And that feature i rarely need. -
Hey …
do you use IPSEC with PSK method or via Certificates?
-
hi schnubert;
if your asking me, it is PSK -
hmm…
I would rather prefer certificates... ???