Solved

VPN on I-Phone 5

Posted on 2013-01-15
13
402 Views
Last Modified: 2013-06-09
I'm having troubles connecting to our corporate VPN on an I-Phone 5.  Our current setup is a L2TP w/ PSK and certificate for authentication.  The VPN at the office is made up of a RAS server, hosted on Windows 2003 and a certificate server that goes out on a dedicated public IP address that the outside world can see.  The problem with any VPN software on Apple and Android phones, is there is no setup that only looks for a certificate, it always asks for a password for authentication.  There is no password in this case, thats what the certificate is for.  Has anyone run into this or have any ideas?  I've tried multiple VPN clients in the App Store, but maybe I missed one.  Also, I was able to get it to work on a MacBook Pro on the Snow Leopard OS so I would think there would be a way to get this to work.

Thank You!
0
Comment
Question by:SGCAdmin
  • 7
  • 6
13 Comments
 
LVL 62

Expert Comment

by:btan
ID: 38781330
Rightfully you should see it after by "add vpn configuration" option and in this case example in link it is Cisco and can state use user certificate

http://www.personal.psu.edu/dmt155/iphonevpn/

Useful info

http://help.apple.com/iosdeployment-vpn/mac/1.1/?lang=en-us#appc28ee2b9
http://www.fatofthelan.com/technical/using-the-apple-ipadiphone-configuration-utility-for-vpn/
0
 
LVL 1

Author Comment

by:SGCAdmin
ID: 38783232
Hi Breadtan,

Thanks for the info and response.  Unfortunately, the Cisco IPSec config only allows a certificate with no option for PSK.   I am however, looking into a couple of the clients in that second link that I haven't tried, however, its not looking good so far.
0
 
LVL 62

Expert Comment

by:btan
ID: 38785201
Pardon me if I misunderstand but it is either certificate or psk, which doubt it can be both.

https://supportforums.cisco.com/thread/2160186
0
 
LVL 1

Author Comment

by:SGCAdmin
ID: 38787177
We actually do have it working with both and have been using it this way for over 8 years.  This may not be a typical setup, but its that much more secure when you need a certificate and a PSK to connect.  Both Microsoft and Apple both have configuration options in their computer OS's, apparently, just not in their phone OS's.  

I'm still digging for a possible solution, I'd hate to change what's been working for us.
0
 
LVL 62

Expert Comment

by:btan
ID: 38787365
noted i can understand that. You may want to check this interesting discussion. it has a table on the testing done with PSK and Cert via 3G, iwif to internet, wifi to LAN. I am suspecting you are looking out for Cert+Xauth (though i am not sure of the config)

https://discussions.apple.com/thread/4312913?start=30&tstart=0

It did point to IOS 6.0.1 - http://support.apple.com/kb/DL1606
0
 
LVL 1

Author Comment

by:SGCAdmin
ID: 38788908
Thanks for the research.  I can confirm however it doesn't work on both wireless or 3g/4g data so that update wouldnt apply.  I'm losing faith that there is mobile vpn software that looks for both cert and PSK.
0
Windows Server 2016: All you need to know

Learn about Hyper-V features that increase functionality and usability of Microsoft Windows Server 2016. Also, throughout this eBook, you’ll find some basic PowerShell examples that will help you leverage the scripts in your environments!

 
LVL 62

Expert Comment

by:btan
ID: 38790003
Will see if chanced upon any other info but maybe posting to apple forum or even post this to vendor of interest may widen the scope...
0
 
LVL 1

Author Comment

by:SGCAdmin
ID: 38814381
I setup a test RRAS server so I could play with all configuations I could think of w/o affecting users, and I still cannot get this working.  I've also noticed, I cannot get certificate only based authentication working either, only MS-Chap V2 and L2TP PSK by itself works on the phone.  I think the default VPN I-Phone software, Cisco Any Connect for IPSEC, only accepts Cisco certificates and not Microsoft CA certificates.  I cannot find any info for anyone that has setup a Microsoft RRAS and used certificates as authentication on the i-phone or android.
0
 
LVL 62

Expert Comment

by:btan
ID: 38814509
It may be the insult vpn stack but certificate base should be standard of adhering to x509v3..cannot wonder Cisco cert is possible but not Microsoft certificate....unless they are different key algorithm
0
 
LVL 1

Accepted Solution

by:
SGCAdmin earned 0 total points
ID: 38868477
For now, we decided to go with a very complicated PSK and Active Directory authentication instead of using a certificate.  This is all setup on a new RAS server dedicated for just phone VPN.  Kind of disappointing, but at least I am still using Cert and PSK for PC communication.

Thanks!

Also, I'm not sure how to close this, as this was not solved.  I would like to leave the question in the system, in case someone else finds this.
0
 
LVL 1

Author Comment

by:SGCAdmin
ID: 39217311
Can anyone assist in closing this?  Please see my last comment for details why.

Thanks
0
 
LVL 62

Expert Comment

by:btan
ID: 39217776
You can close with points awarded if they had helped or likewise close it without any point awarded. Can request attention if needed further assistance etc. Thanks!
0
 
LVL 1

Author Closing Comment

by:SGCAdmin
ID: 39232717
See above.
0

Featured Post

Netscaler Common Configuration How To guides

If you use NetScaler you will want to see these guides. The NetScaler How To Guides show administrators how to get NetScaler up and configured by providing instructions for common scenarios and some not so common ones.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Learn to move / copy / export exchange contacts to iPhone without using any software. Also see the issues in configuration of exchange with iPhone to migrate contacts.
I had an issue with InstallShield not being able to use Computer Browser service on Windows Server 2012. Here is the solution I found.
Get a first impression of how PRTG looks and learn how it works.   This video is a short introduction to PRTG, as an initial overview or as a quick start for new PRTG users.
This video gives you a great overview about bandwidth monitoring with SNMP and WMI with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're looking for how to monitor bandwidth using netflow or packet s…

932 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

8 Experts available now in Live!

Get 1:1 Help Now