Solved

VPN on iPhone 5

Posted on 2013-01-15
Last Modified: 2013-06-09
I'm having trouble connecting to our corporate VPN on an iPhone 5. Our current setup is L2TP w/ PSK and certificate for authentication. The VPN at the office is made up of a RAS server, hosted on Windows 2003, and a certificate server that goes out on a dedicated public IP address that the outside world can see. The problem with any VPN software on Apple and Android phones is that there is no setup that only looks for a certificate; it always asks for a password for authentication. There is no password in this case; that's what the certificate is for. Has anyone run into this or have any ideas? I've tried multiple VPN clients in the App Store, but maybe I missed one. Also, I was able to get it to work on a MacBook Pro on the Snow Leopard OS, so I would think there would be a way to get this to work.

Thank You!
Question by:SGCAdmin
13 Comments
 
LVL 63

Expert Comment

by:btan
ID: 38781330
Rightfully you should see it after the "Add VPN Configuration" option, and in this case the example in the link is Cisco and can state to use a user certificate.

http://www.personal.psu.edu/dmt155/iphonevpn/

Useful info

http://help.apple.com/iosdeployment-vpn/mac/1.1/?lang=en-us#appc28ee2b9
http://www.fatofthelan.com/technical/using-the-apple-ipadiphone-configuration-utility-for-vpn/
0
 
LVL 1

Author Comment

by:SGCAdmin
ID: 38783232
Hi Breadtan,

Thanks for the info and response. Unfortunately, the Cisco IPSec config only allows a certificate with no option for PSK. I am, however, looking into a couple of the clients in that second link that I haven't tried; however, it's not looking good so far.
0
 
LVL 63

Expert Comment

by:btan
ID: 38785201
Pardon me if I misunderstand, but it is either certificate or PSK; I doubt it can be both.

https://supportforums.cisco.com/thread/2160186
0
 
LVL 1

Author Comment

by:SGCAdmin
ID: 38787177
We actually do have it working with both and have been using it this way for over 8 years. This may not be a typical setup, but it's that much more secure when you need a certificate and a PSK to connect. Microsoft and Apple both have configuration options in their computer OSes, apparently, just not in their phone OSes.

I'm still digging for a possible solution; I'd hate to change what's been working for us.
0
 
LVL 63

Expert Comment

by:btan
ID: 38787365
Noted, I can understand that. You may want to check this interesting discussion. It has a table on the testing done with PSK and Cert via 3G, Wi-Fi to internet, and Wi-Fi to LAN. I am suspecting you are looking out for Cert+Xauth (though I am not sure of the config).

https://discussions.apple.com/thread/4312913?start=30&tstart=0

It did point to iOS 6.0.1 - http://support.apple.com/kb/DL1606
0
 
LVL 1

Author Comment

by:SGCAdmin
ID: 38788908
Thanks for the research. I can confirm, however, that it doesn't work on either wireless or 3G/4G data, so that update wouldn't apply. I'm losing faith that there is mobile VPN software that looks for both cert and PSK.
0
 
LVL 63

Expert Comment

by:btan
ID: 38790003
Will see if I chance upon any other info, but maybe posting to the Apple forum or even posting this to the vendor of interest may widen the scope...
0
 
LVL 1

Author Comment

by:SGCAdmin
ID: 38814381
I set up a test RRAS server so I could play with all configurations I could think of w/o affecting users, and I still cannot get this working. I've also noticed I cannot get certificate-only based authentication working either; only MS-CHAP v2 and L2TP PSK by itself works on the phone. I think the default VPN iPhone software, Cisco AnyConnect for IPsec, only accepts Cisco certificates and not Microsoft CA certificates. I cannot find any info for anyone that has set up a Microsoft RRAS and used certificates as authentication on the iPhone or Android.
0
 
LVL 63

Expert Comment

by:btan
ID: 38814509
It may be the inbuilt VPN stack, but certificate base should be standard of adhering to X.509v3... cannot wonder Cisco cert is possible but not Microsoft certificate... unless they are different key algorithm
0
 
LVL 1

Accepted Solution

by:SGCAdmin
ID: 38868477
For now, we decided to go with a very complicated PSK and Active Directory authentication instead of using a certificate. This is all set up on a new RAS server dedicated for just phone VPN. Kind of disappointing, but at least I am still using Cert and PSK for PC communication.

Thanks!

Also, I'm not sure how to close this, as this was not solved.  I would like to leave the question in the system, in case someone else finds this.
0
 
LVL 1

Author Comment

by:SGCAdmin
ID: 39217311
Can anyone assist in closing this?  Please see my last comment for details why.

Thanks
0
 
LVL 63

Expert Comment

by:btan
ID: 39217776
You can close with points awarded if they had helped, or likewise close it without any points awarded. You can request attention if you need further assistance, etc. Thanks!
0
 
LVL 1

Author Closing Comment

by:SGCAdmin
ID: 39232717
See above.
0
