<![CDATA[IOS mobile IPSec connectivity [screenshots]]]>Hi folks,

I've read most of the threads on this forum with the keywords "IPSec" and "iOS" in them and I just can't get this setup to work for me. Running 2.0.2-RELEASE.

I've taken screenshots of what I think are all of the relavent sections… I'm able to connect from my iOS devices but unable to route anywhere (can't load the web interface for pfSense or google.com).

Screenshots to follow...

Firewall rule:

IPSec enabled:

p1 part 1:

p1 part 2:

p2:

SAD (after multiple attempts) – note that even if I reboot racoon to clear these out and only have two entries I get the same results:

SPD:

]]>https://forum.netgate.com/topic/52120/ios-mobile-ipsec-connectivity-screenshotsRSS for NodeMon, 13 Apr 2026 05:38:48 GMTSat, 19 Jan 2013 05:45:44 GMT60<![CDATA[Reply to IOS mobile IPSec connectivity [screenshots] on Mon, 04 Feb 2013 20:54:22 GMT]]>@jimp:

make sure the client(s) are also set to use NAT-T, and make sure nothing is blocking UDP/4500 between the clients and the firewall

Clients are iOS 6 devices on 3G, so no in-depth settings there. Firewall is open:
https://www.evernote.com/shard/s12/sh/659a1b61-92b4-470e-8d3c-f6c40616ce51/24d11db24ce72f1e9383166dfdcdb1e4/deep/0/Screenshot%202/4/13%204:00%20PM.jpg

]]>https://forum.netgate.com/post/376910https://forum.netgate.com/post/376910Mon, 04 Feb 2013 20:54:22 GMT<![CDATA[Reply to IOS mobile IPSec connectivity [screenshots] on Mon, 04 Feb 2013 20:46:06 GMT]]>make sure the client(s) are also set to use NAT-T, and make sure nothing is blocking UDP/4500 between the clients and the firewall

]]>https://forum.netgate.com/post/376906https://forum.netgate.com/post/376906Mon, 04 Feb 2013 20:46:06 GMT<![CDATA[Reply to IOS mobile IPSec connectivity [screenshots] on Mon, 04 Feb 2013 20:31:42 GMT]]>Unfortunately this doesn't work for me. If I set NAT-T to "Force," clients are unable to connect (at all).

]]>https://forum.netgate.com/post/376899https://forum.netgate.com/post/376899Mon, 04 Feb 2013 20:31:42 GMT<![CDATA[Reply to IOS mobile IPSec connectivity [screenshots] on Mon, 04 Feb 2013 20:05:43 GMT]]>The Cisco VPN client is one that is only likely to work once, and never again, until you restart racoon. Also by using the Cisco client to connect to a non-Cisco device, you're technically violating the terms of its license agreement.

Make sure that you have:
(Phase 1)
Policy Generation: Unique
Proposal Checking: Strict

System > Advanced, Miscellaneous tab.
Uncheck "Prefer Old IPsec SA"

]]>https://forum.netgate.com/post/376881https://forum.netgate.com/post/376881Mon, 04 Feb 2013 20:05:43 GMT<![CDATA[Reply to IOS mobile IPSec connectivity [screenshots] on Wed, 30 Jan 2013 09:25:24 GMT]]>@spi:

Also work with Cisco VPN client on PC's

Which version?  I've NEVER got it to work!  Currently using 5.0.07.0410

]]>https://forum.netgate.com/post/375768https://forum.netgate.com/post/375768Wed, 30 Jan 2013 09:25:24 GMT<![CDATA[Reply to IOS mobile IPSec connectivity [screenshots] on Wed, 30 Jan 2013 09:21:52 GMT]]>This is my (working) config - works with iOS 5.x, 6.0.x & 6.1 so far.

Some redactions for obvious reasons!

PS.  There is a DNS resolution bug in iOS 6.0.x, now resolved in 6.1 that may also have caused  problems: no DNS lookups for .local using VPN over cellular.

P1.PNG
P1.PNG_thumb
P2.PNG
P2.PNG_thumb
Ext.PNG
Ext.PNG_thumb
User.PNG
User.PNG_thumb
Firewall.PNG
Firewall.PNG_thumb

]]>https://forum.netgate.com/post/375765https://forum.netgate.com/post/375765Wed, 30 Jan 2013 09:21:52 GMT<![CDATA[Reply to IOS mobile IPSec connectivity [screenshots] on Tue, 29 Jan 2013 16:57:13 GMT]]>Thanks for the suggestion. I made that change, but it had no effect. The clients still connect, but no traffic is passed.

]]>https://forum.netgate.com/post/375614https://forum.netgate.com/post/375614Tue, 29 Jan 2013 16:57:13 GMT<![CDATA[Reply to IOS mobile IPSec connectivity [screenshots] on Tue, 29 Jan 2013 16:40:14 GMT]]>Hi bwoodruff

my own IOS VPN integration is almost exactly as yours and works from iPads…iphones. OSX os's and so on.
Also work with Cisco VPN client on PC's

ive added a diff screenshot in the P1 configuration. When not set as i have it now...IOS devices cant connect.

see the attachment

![Skærmbillede 2013-01-29 kl. 17.42.44.png](/public/imported_attachments/1/Skærmbillede 2013-01-29 kl. 17.42.44.png)
![Skærmbillede 2013-01-29 kl. 17.42.44.png_thumb](/public/imported_attachments/1/Skærmbillede 2013-01-29 kl. 17.42.44.png_thumb)

]]>https://forum.netgate.com/post/375609https://forum.netgate.com/post/375609Tue, 29 Jan 2013 16:40:14 GMT<![CDATA[Reply to IOS mobile IPSec connectivity [screenshots] on Sun, 27 Jan 2013 16:19:28 GMT]]>Hi Sparky,

Thanks for the suggestions but unfortunately neither work.

With NAT-T set to Force, the devices can no longer connect at all. With the sending available routes box checked, traffic routes around the VPN tunnel instead of through it (it goes out over 3G/WiFi).

]]>https://forum.netgate.com/post/375119https://forum.netgate.com/post/375119Sun, 27 Jan 2013 16:19:28 GMT<![CDATA[Reply to IOS mobile IPSec connectivity [screenshots] on Sun, 27 Jan 2013 01:17:37 GMT]]>2 things to try, try enable or Force the NAT Traversal under the Advance Options. The other thing which I don't see in your screenshots, there's a tick box somewhere related to sending available routes to the client or something along those lines. Try untick that. With that ticked I was finding that after bringing up the VPN on my iPad, traffic was just being sent straight out of it's wifi interface and not down the tunnel.

]]>https://forum.netgate.com/post/375045https://forum.netgate.com/post/375045Sun, 27 Jan 2013 01:17:37 GMT