Home
Help
Search
Login
Register
OPNsense Forum
»
Archive
»
18.7 Legacy Series
»
[SOLVED] IPsec VPN for iPhone Device
« previous
next »
Print
Pages: [
1
]
Author
Topic: [SOLVED] IPsec VPN for iPhone Device (Read 21444 times)
payback007
Newbie
Posts: 20
Karma: 1
[SOLVED] IPsec VPN for iPhone Device
«
on:
January 11, 2019, 01:17:18 am »
Dear all,
since a few days I'm trying to setup a working IPsec VPN connection to my iPhone. I tried it with several options, with certificate, with PSK, ... Always the same issue, I get no connection to my IPsec-VPN-server. At the meantime I think there are some firewall rules missing, due to the fact "VPN server does not answer". But I released all necessary ports like described in the wiki.
If I'm trying OpenVPN connection between iPhone and OPNsense does work without problems.
Does anybody have an idea what to do? Thanks very much!
«
Last Edit: January 21, 2019, 09:38:06 pm by payback007
»
Logged
payback007
Newbie
Posts: 20
Karma: 1
Re: IPsec VPN for iPhone Device
«
Reply #1 on:
January 19, 2019, 11:06:27 pm »
Hi guys,
are there any ideas about this topic IPsec-road-warrior seem not working on OSX/iOS-devices? I think the main issue is that for the mobile-client the "peer identifier" seems to be missing?
Logged
jeuler
Newbie
Posts: 24
Karma: 2
Re: IPsec VPN for iPhone Device
«
Reply #2 on:
January 21, 2019, 07:28:51 pm »
From a pragmatical point of view: What's wrong with an OpenVPN setup (which seems to work fine)?
I haven't even tried to use IPsec for road warriors since years on either IPcop, sophos-utm and OPNsense due to various caveats I stumbled upon with the various clients (different Windows flavors, OSX, iOS, Android...).
My set-ups have been using IPsec for (static) site-2-site connections and OpenVPN for (dynamic) road warriors ever since, thus drastically reducing support overhead.
Logged
payback007
Newbie
Posts: 20
Karma: 1
Re: IPsec VPN for iPhone Device
«
Reply #3 on:
January 21, 2019, 09:22:58 pm »
The "problem" is either I want to have authentication either by Xauth_PSK or by certificate with the IPsec-iOS-client. Don't want to install an additional APP only for VPN connections. So only "IPsec CISCO client" is natively supported by iOS device.
Meanwhile I found the issue
IPsec was/is not working with the proposed solution in OPNsense-wiki
with my iOS device (iOS version v12.1.2), maybe wiki is not up to date or what ever. I can't say, but here are the differences I found:
OPNsense-wiki:
a) IKEv1 to be set for VPN_iOS connection -> not working
b) peer_identifier -> no more available with "Mutual PSK + Xauth"
working configuration for my OPNsense now:
a) set IKE_auto (not v1 or v2 explicitly)
b) leave "group name" empty in iOS native IPsec CISCO client
What is not nice from my point of view is to provide only one PSK for all users and no individual PSK for each user, but for future I will see to identify by user_cert and transfer to iOS with profile. But for the moment the solution is working very well, so my tests can go on.
Logged
weust
Hero Member
Posts: 650
Karma: 57
Re: [SOLVED] IPsec VPN for iPhone Device
«
Reply #4 on:
June 28, 2019, 11:42:19 am »
I was trying to get IPsec Road Warrior to work last weekend, and stumbled on this issue as well.
What I mainly missed was the ability to set the privileges on the user's groups for xauth, as you can only choose from GUI items.
I will try your two configuration settings. Hopefully it will work then.
Logged
Hobbyist at home, sysadmin at work. Sometimes the first is mixed with the second.
Print
Pages: [
1
]
« previous
next »
OPNsense Forum
»
Archive
»
18.7 Legacy Series
»
[SOLVED] IPsec VPN for iPhone Device