Netgate Discussion Forum

    Ipsec ikev2 on ios8

    2.2 Snapshot Feedback and Problems - RETIRED

      bradlay

      I've been searching for this combination and I've yet to find anybody with a solution.
      Is this something that anybody has done yet? If so I'd love to hear about it.

      So far I've seen: https://atix.co/?p=12 which talks about the server side, and https://wiki.strongswan.org/projects/strongswan/wiki/AppleIKEv2Profile which has the client side (with some bugs).

      I did attempt to start with doing IKEv1 following https://doc.pfsense.org/index.php/Mobile_IPsec_on_2.0 but to no avail, I continually get authentication errors - so I'm suspecting there might be some issue with this configuration in 2.2

      My pfsense setup is:

      2.2-BETA (amd64)
      built on Fri Oct 10 17:42:46 CDT 2014
      FreeBSD 10.1-RC2

        cmb

        Mobile IKEv1 with iOS definitely works on 2.2, that's one of the circumstances I've tested a number of times over the past month or two. Both on iOS 7 and 8.

        IKEv2 with iOS is something I haven't tried.

          bradlay

          @cmb:

          Mobile IKEv1 with iOS definitely works on 2.2, that's one of the circumstances I've tested a number of times over the past month or two. Both on iOS 7 and 8.

          Do the instructions above for Mobile 2.0 still apply?

            bradlay

            @cmb:

            Mobile IKEv1 with iOS definitely works on 2.2, that's one of the circumstances I've tested a number of times over the past month or two. Both on iOS 7 and 8.

            IKEv2 with iOS is something I haven't tried.

            Followed https://blog.andregasser.net/how-to-configure-ipsec-vpn-on-pfsense-for-use-with-iphone-ipad-android-windows-and-linux/ to a tee, but no matter what I do it fails with "User authentication failed."

            From the logs:

            Oct 13 21:53:57 charon: 06[IKE] <con2|117>no XAuth secret found for '192.168.0.2' - 'vpn'
            Oct 13 21:53:57 charon: 06[IKE] no XAuth secret found for '192.168.0.2' - 'vpn'
            Oct 13 21:53:57 charon: 06[IKE] <con2|117>XAuth authentication of 'vpn' failed
            Oct 13 21:53:57 charon: 06[IKE] XAuth authentication of 'vpn' failed

              cmb

              That shows you're trying to auth as user 'vpn', and either that user doesn't exist in the user manager, you're using a wrong password, or the user doesn't have IPsec dial-in rights.
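
Added example, not part of the thread and not pfSense or strongSwan code: a small Python triage script for the charon XAuth messages quoted above. It counts each failure once per user even though charon logs the message both with and without the `<conN|id>` prefix; the sample log is constructed from the lines in the thread, and the 'alice' entry is invented for illustration.

```python
import re
from collections import defaultdict

# Constructed sample: the first four lines follow the thread, 'alice' is invented.
SAMPLE_LOG = """\
Oct 13 21:53:57 charon: 06[IKE] <con2|117>no XAuth secret found for '192.168.0.2' - 'vpn'
Oct 13 21:53:57 charon: 06[IKE] no XAuth secret found for '192.168.0.2' - 'vpn'
Oct 13 21:53:57 charon: 06[IKE] <con2|117>XAuth authentication of 'vpn' failed
Oct 13 21:53:57 charon: 06[IKE] XAuth authentication of 'vpn' failed
Oct 13 21:55:10 charon: 11[IKE] <con2|118>XAuth authentication of 'alice' failed
"""

# Syslog timestamp, charon thread, optional <connection|id> prefix, message.
LINE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s[\d:]{8}) charon: (?P<thread>\d+)\[IKE\]\s*"
    r"(?:<(?P<conn>[^|>]+)\|\d+>)?\s*(?P<msg>.*)$"
)
EVENTS = {
    "no_secret": re.compile(r"no XAuth secret found for '[^']*' - '(?P<user>[^']*)'"),
    "failed": re.compile(r"XAuth authentication of '(?P<user>[^']*)' failed"),
}

def summarize(log_text):
    """Count XAuth failure events per user, once per logged event."""
    seen = set()
    users = defaultdict(lambda: {"no_secret": 0, "failed": 0, "conns": set()})
    for raw in log_text.splitlines():
        line = LINE.match(raw)
        if not line:
            continue
        for kind, pattern in EVENTS.items():
            hit = pattern.search(line["msg"])
            if not hit:
                continue
            entry = users[hit["user"]]
            if line["conn"]:
                entry["conns"].add(line["conn"])
            # The prefixed and unprefixed copies share time, thread and text.
            key = (line["ts"], line["thread"], line["msg"])
            if key not in seen:
                seen.add(key)
                entry[kind] += 1
    return {u: {**e, "conns": sorted(e["conns"])} for u, e in users.items()}

if __name__ == "__main__":
    for user, stats in summarize(SAMPLE_LOG).items():
        print(user, stats)
```

Two identical messages from the same charon thread within the same second are treated as one event, which is the trade-off for collapsing the duplicated lines.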

                bradlay

                @cmb:

                That shows you're trying to auth as user 'vpn', and either that user doesn't exist in the user manager, you're using a wrong password, or the user doesn't have IPsec dial-in rights.

                After checking and double checking all the settings I decided to reboot as a last resort and afterwards the authentication errors went away…
                Now on to figuring out the connectivity issues!

                  abcslayer

                  In a few previous snapshots, I have tested IKEv1 & v2:

                  • There was the same issue, "no XAuth secret found"; then in the next few snapshots (at the end of Sep) this error was gone. I did report it on this forum. IKEv2 failed (cannot connect). I did add the user with XAuth rights, so there is no problem with the user here.

                  • In the snapshot of early Oct the error "no XAuth secret found" happened again; authentication always failed. I gave up testing until now.

                    eri--

                    Please show logs.

                    Though l2tp+ipsec should work nowadays, so you can just use that with iOS!

                      charliem

                      @abcslayer:

                      • In the snapshot of early Oct the error "no XAuth secret found" happened again; authentication always failed. I gave up testing until now.

                      Try a snapshot after 8-Oct if you have not yet tried one: https://forum.pfsense.org/index.php?topic=82126.msg452078#msg452078

                      I believe ipsec was broken for a while after the change from FreeBSD 10.0 –> 10.1 and StrongSwan 5.1.2 to 5.2.0.  Except for some re-keying issues, ipsec is working for me after 8-Oct.

                        abcslayer

                        I have updated to the newest snapshot; it seems that IKEv1, PSK + XAuth is working.
                        I am trying IKEv1, RSA but it failed (I tried IKEv2, EAP-TLS but it failed, then stepped back to IKEv1).
                        I am not sure if the certificate has an issue (I use the Cert Manager on pfSense to create the certs and CA; it is quite useful if things work).
                        Thank you for your recommendation.

                        Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.