Why can't my iPhone connect using IPsec? (re: "User authentication failed.")

eri-- · Mar 25, 2011, 10:47 PM

Can you point to this m0n0 wizard?

elijahmm · Mar 28, 2011, 9:01 PM

I'm having the problem with xauth seeming to happen before the SA is established. Is there an easy way to apply the patch referenced http://forum.pfsense.org/index.php/topic,34135.0.html? If I slow down the processing by enabling about 10 debugs or speed up the link it works.

Anybody have any other idea? I'd love to figure out what's actually happening here but any workaround that will work would be great (except using PSK, I need certificates).

thanks

p0ddie · Mar 28, 2011, 11:00 PM

@ermal:

Can you point to this m0n0 wizard?

Sure, here you go: http://www.lobotomo.com/products/IPSecuritas/howto/m0n0wall%20HOWTO.pdf

ericab · Mar 29, 2011, 5:56 PM

hey mlanner;
any luck on your write up ? ive had absolutely no luck connecting with my ipad/iphone ::)

iler · Apr 3, 2011, 4:05 PM

I'm also interested in this tutorial!

p0ddie · Apr 5, 2011, 8:32 PM

any updates? :-)

ericab · Apr 5, 2011, 9:31 PM

i hope soon ! ive been checking this thread twice daily.
mlanner hasnt been active here since march 21st…

mlanner · Apr 6, 2011, 5:51 AM

Hey everyone,

Just a brief update … I got slammed at work. I've completely migrated to 2.0-RC1 now and will deploy and test in the next few days. Hopefully before the weekend. I'll post details when I'm done. Promise.

ericab · Apr 10, 2011, 5:11 PM

anyone successfully gotten ipsec+iphone/ipad working yet ?

_igor_ · Apr 11, 2011, 1:34 PM

Yep I use it since january more or less. Works great. I did the setup with the provided infos. Only thing when setting up the IPSEC is, you have to wait a moment before connecting your tunnel. After setting up the tunnel on pfsense i wait some time before trying. Don't know why, but minimum waiting time is 1 hour. stopping and restarting IPSEC doesn't help. Same thing happened when i changed the password in the uswr-manager. Could not connect directly, had to wait some time to get the tunnel up. I thought that some infos are cached at the iphone, but a test with the OSX IPSEC-client had the same issues. So now i'm not sure if i'm wrong…

ericab · Apr 19, 2011, 4:11 AM

@mlanner:

Hey everyone,

Just a brief update … I got slammed at work. I've completely migrated to 2.0-RC1 now and will deploy and test in the next few days. Hopefully before the weekend. I'll post details when I'm done. Promise.

hello ? mlanner ?

_igor_ · Apr 20, 2011, 10:54 AM

@ericab: Whats your problem with connecting? Which are your questions, whats not clear for you? Maybe i can help out.

At the moment i don't have an ipad, but can connect with iphone OS 3.1.2, 4.0.1, 4.3.1, with 2g, 3g, 3gs, 4. I think the ipad should be the same thing.

schnubert · Apr 20, 2011, 12:02 PM

Hi!

I would love it to connect my iPhone using certificates … would that be feasible and if yes what I am supposed to do?

Thanks

ericab · Apr 20, 2011, 5:41 PM

@_igor_:

@ericab: Whats your problem with connecting? Which are your questions, whats not clear for you? Maybe i can help out.

At the moment i don't have an ipad, but can connect with iphone OS 3.1.2, 4.0.1, 4.3.1, with 2g, 3g, 3gs, 4. I think the ipad should be the same thing.

hi igor;
the only hangup for me and most others here, is we've used this tutorial:
http://forum.pfsense.org/index.php/topic,24752.msg130558/topicseen.html#msg130558

and are at the point where we've successfully established a connection, but no traffic at all will pass to my main lan, nor to the internet.
my LAN network is 192.168.3.0/24
my ipsec network ive assigned is 192.168.4.0/24
(if you need id be happy to give you screenshots of the ipsec setup.)

i'm hoping you or mlanner would get a howto goin' about this, in a separate thread which we could point people to; that or hope that iOS 5 will allow for openvpn links ::)

_igor_ · Apr 20, 2011, 7:02 PM

only to clear that up:

After connect you can access from your phone/pad any service/documents which are located on LAN-side.
You try to get access to WAN from your phone via the tunnel and have no success?
You can not connect to any service/documents when trying to access from LAN to phone?

So the only thing i did was setting a rule from any to any at the IPSEC-tab.
I cann access from and to the phone, surfing the internet mostly fails with timeouts, but that happens on bad line. And that feature i rarely need.

schnubert · Apr 21, 2011, 7:49 AM

Hey …

do you use IPSEC with PSK method or via Certificates?

ericab · Apr 21, 2011, 5:01 PM

hi schnubert;
if your asking me, it is PSK

schnubert · Apr 21, 2011, 10:28 PM

hmm…
I would rather prefer certificates... ???