Visual Guide to Configuring IPSec VPN using RSA + Xauth and iOS Roadwarriors

twaldorf · Mar 13, 2012, 2:08 PM

There is only one last thing, which is a little bit annoying:

If I uncheck the box with "Provide login banner to clients", there comes an empty login banner up. Is there no possibility to completly disable the banner? I use VPN on demand and so I have to click all the time on "OK" on the iPhone…

azzido · Mar 13, 2012, 2:40 PM

If you are talking about the message 'VPN Connection' with buttons OK and disconnect that iOS shows after connection is established then I don't think there is a way to disable that.

hagak · Mar 29, 2012, 1:51 AM

Thanks for the guide using it and iphone Configuration utility I was able to setup my iphone with VPN on demand, which is a slick feature with one issue. I can not figure out how to make it save my password. Everytime I connect to the VPN it prompts for the user password. It appears if you create the VPN connection on the phone manually via this guide it will save the user password, however if you do it via the iphone configuration utility I do not see a way to save the password.

Any ideas?

twaldorf · Mar 29, 2012, 6:24 AM

@hagak:

Thanks for the guide using it and iphone Configuration utility I was able to setup my iphone with VPN on demand, which is a slick feature with one issue. I can not figure out how to make it save my password. Everytime I connect to the VPN it prompts for the user password. It appears if you create the VPN connection on the phone manually via this guide it will save the user password, however if you do it via the iphone configuration utility I do not see a way to save the password.

Any ideas?

Create an unsigned .mobileconfig and edit it with any text editor. Add these two lines behind the XAuthName-Block:

<key>XAuthPassword</key> 
<string>Your Password</string>

Best regards,

Thorsten

hagak · Mar 29, 2012, 1:56 PM

Sweet will give that a shot this info. Odd that if the configs support such a feature that the tool would not have the interface to use it. Course Apple is known for lack of options.

twaldorf · Mar 29, 2012, 2:32 PM

@hagak:

Odd that if the configs support such a feature that the tool would not have the interface to use it. Course Apple is known for lack of options.

I think it's just because everybody could read the password as clear text…

hagak · Mar 29, 2012, 4:36 PM

@twaldorf:

@hagak:

Odd that if the configs support such a feature that the tool would not have the interface to use it. Course Apple is known for lack of options.

I think it's just because everybody could read the password as clear text…

Well there are ways they could encrypt the password to at least make it more difficult to see.

hagak · Mar 29, 2012, 9:44 PM

@twaldorf:

Create an unsigned .mobileconfig and edit it with any text editor. Add these two lines behind the XAuthName-Block:
<key>XAuthPassword</key> 
<string>Your Password</string>
Best regards,

Thorsten

This did not seem to work. I assume after I edit the file I open the file with iphone configurator to load it on the iphone.

hagak · Mar 29, 2012, 9:48 PM

If I export the conf back out the added lines are not there

hagak · Mar 29, 2012, 9:52 PM

I figured it out:)

You need to email the mobileconfig file to your phone and install it via the email on the phone. Success.

seattle-it · Nov 21, 2012, 3:27 AM

For whatever reason, racoon segfaults when I run RSA+Xauth after the client sends back the XAUTH_USER_PASSWORD. This doesn't happen with PSK+Xauth oddly. >:(