Do I always need XAuth when using IPsec? (re: iPhone VPN and XAuth)

  • I'm trying to setup my iPhone with pfSense (Raccoon) IPsec and everything is working properly but I have a question…

    Is it "safe" and/or possible to disable XAuth authentication and only use certificate authentication with pfSense/Raccoon?

    The problem is that the iPhone doesn't save the XAuth password so I have to enter it every time I enable the VPN which is annoying since I THINK I have enough security based on the certificate authentication.  Please correct me if I'm wrong.

  • Rebel Alliance Developer Netgate

    …until someone steals your phone and then has unlimited access to your network...

    The certificate auth, I believe, only replaces the pre-shared key part, not the username/password part.

Log in to reply