Best pfsense 2.0 VPN for use with Apple devices?



  • I've been using OpenVPN for a few years and really like it.  However, work is switching to the iPhone, so I'd like to be able to connect to my home network from anywhere.  I had hoped that iOS 5 would allow someone to develop an OpenVPN client that doesn't require a jail-broken phone, but it doesn't look like that is the case.

    So, what's the most secure (best) solution for VPN between a pfsense 2.0 box and an Apple device?  PPTP appears to have some security flaws that I'd rather not deal with.  L2TP doesn't appear to offer encryption of the link at this point, only tunneling, and encryption won't be implemented in the 2.0 release (correct me if I'm wrong).  That leaves IPSEC, which doesn't appear to be too difficult to set up, though I often see it referred to as being difficult to set up.

    So is IPSEC the best VPN solution under pfsense 2.0 for use with Apple iOS devices?  Would I have trouble connecting from behind a NAT?  What about 2 layers (I travel somewhat often and use a travel router)?



  • well;

    the BEST solution would be to use OpenVPN; but this will require a jailbroken device running iOS 5, which until now does not exist (Untethered that is…)
    in this case; you'd want to use GuizmoVPN for iOS.

    the second best would be IPSEC, however;
    good luck finding a step-by-step tutorial if you have any issues.
    i know for a fact there are some folks on this board who have successfully established a tunnel via IPSEC, but the information to do so is sparse and scattered.

    your best bet would be to post in the Bounties section of this forum, and offer a monetary incentive.



  • IPsec is the best bet. No problems with NAT, works great. Not hard to set up if you understand how IPsec works with those devices, not documented yet though.



  • Hi,

    IPSec is your best bet. Follow this guide here to get it to work with iOS devices and the OS X built-in VPN client: http://forum.pfsense.org/index.php/topic,24752.msg130558/topicseen.html#msg130558

    PPTP would work too, but is considered less secure.

    OpenVPN is imho the best solution for road warriors (not as flexible or fast as ipsec, but really easy to set up and always works - as compared to ipsec where sometimes the firewall you are behind blocks ipsec traffic), but there is no "open" OpenVPN client (there are apps in the app store for certain manufacturers that also use ssl vpn) for iOS devices, so you need to go with IPSec and it works well.



  • Thanks guys!



  • Quick follow-up question: Does it make sense to leave my OpenVPN server running "just in case" for my laptops or should I consolidate and only use IPSec?



  • I would leave the OpenVPN server up, so you do not have to reconfigure the laptops. I think it will be enough work to put all iPhones into IPsec.

