Solved

VPN on I-Phone 5

Posted on 2013-01-15
13
401 Views
Last Modified: 2013-06-09
I'm having troubles connecting to our corporate VPN on an I-Phone 5.  Our current setup is a L2TP w/ PSK and certificate for authentication.  The VPN at the office is made up of a RAS server, hosted on Windows 2003 and a certificate server that goes out on a dedicated public IP address that the outside world can see.  The problem with any VPN software on Apple and Android phones, is there is no setup that only looks for a certificate, it always asks for a password for authentication.  There is no password in this case, thats what the certificate is for.  Has anyone run into this or have any ideas?  I've tried multiple VPN clients in the App Store, but maybe I missed one.  Also, I was able to get it to work on a MacBook Pro on the Snow Leopard OS so I would think there would be a way to get this to work.

Thank You!
0
Comment
Question by:SGCAdmin
  • 7
  • 6
13 Comments
 
LVL 61

Expert Comment

by:btan
ID: 38781330
Rightfully you should see it after by "add vpn configuration" option and in this case example in link it is Cisco and can state use user certificate

http://www.personal.psu.edu/dmt155/iphonevpn/

Useful info

http://help.apple.com/iosdeployment-vpn/mac/1.1/?lang=en-us#appc28ee2b9
http://www.fatofthelan.com/technical/using-the-apple-ipadiphone-configuration-utility-for-vpn/
0
 
LVL 1

Author Comment

by:SGCAdmin
ID: 38783232
Hi Breadtan,

Thanks for the info and response.  Unfortunately, the Cisco IPSec config only allows a certificate with no option for PSK.   I am however, looking into a couple of the clients in that second link that I haven't tried, however, its not looking good so far.
0
 
LVL 61

Expert Comment

by:btan
ID: 38785201
Pardon me if I misunderstand but it is either certificate or psk, which doubt it can be both.

https://supportforums.cisco.com/thread/2160186
0
 
LVL 1

Author Comment

by:SGCAdmin
ID: 38787177
We actually do have it working with both and have been using it this way for over 8 years.  This may not be a typical setup, but its that much more secure when you need a certificate and a PSK to connect.  Both Microsoft and Apple both have configuration options in their computer OS's, apparently, just not in their phone OS's.  

I'm still digging for a possible solution, I'd hate to change what's been working for us.
0
 
LVL 61

Expert Comment

by:btan
ID: 38787365
noted i can understand that. You may want to check this interesting discussion. it has a table on the testing done with PSK and Cert via 3G, iwif to internet, wifi to LAN. I am suspecting you are looking out for Cert+Xauth (though i am not sure of the config)

https://discussions.apple.com/thread/4312913?start=30&tstart=0

It did point to IOS 6.0.1 - http://support.apple.com/kb/DL1606
0
 
LVL 1

Author Comment

by:SGCAdmin
ID: 38788908
Thanks for the research.  I can confirm however it doesn't work on both wireless or 3g/4g data so that update wouldnt apply.  I'm losing faith that there is mobile vpn software that looks for both cert and PSK.
0
What Security Threats Are You Missing?

Enhance your security with threat intelligence from the web. Get trending threat insights on hackers, exploits, and suspicious IP addresses delivered to your inbox with our free Cyber Daily.

 
LVL 61

Expert Comment

by:btan
ID: 38790003
Will see if chanced upon any other info but maybe posting to apple forum or even post this to vendor of interest may widen the scope...
0
 
LVL 1

Author Comment

by:SGCAdmin
ID: 38814381
I setup a test RRAS server so I could play with all configuations I could think of w/o affecting users, and I still cannot get this working.  I've also noticed, I cannot get certificate only based authentication working either, only MS-Chap V2 and L2TP PSK by itself works on the phone.  I think the default VPN I-Phone software, Cisco Any Connect for IPSEC, only accepts Cisco certificates and not Microsoft CA certificates.  I cannot find any info for anyone that has setup a Microsoft RRAS and used certificates as authentication on the i-phone or android.
0
 
LVL 61

Expert Comment

by:btan
ID: 38814509
It may be the insult vpn stack but certificate base should be standard of adhering to x509v3..cannot wonder Cisco cert is possible but not Microsoft certificate....unless they are different key algorithm
0
 
LVL 1

Accepted Solution

by:
SGCAdmin earned 0 total points
ID: 38868477
For now, we decided to go with a very complicated PSK and Active Directory authentication instead of using a certificate.  This is all setup on a new RAS server dedicated for just phone VPN.  Kind of disappointing, but at least I am still using Cert and PSK for PC communication.

Thanks!

Also, I'm not sure how to close this, as this was not solved.  I would like to leave the question in the system, in case someone else finds this.
0
 
LVL 1

Author Comment

by:SGCAdmin
ID: 39217311
Can anyone assist in closing this?  Please see my last comment for details why.

Thanks
0
 
LVL 61

Expert Comment

by:btan
ID: 39217776
You can close with points awarded if they had helped or likewise close it without any point awarded. Can request attention if needed further assistance etc. Thanks!
0
 
LVL 1

Author Closing Comment

by:SGCAdmin
ID: 39232717
See above.
0

Featured Post

Give your grad a cloud of their own!

With up to 8TB of storage, give your favorite graduate their own personal cloud to centralize all their photos, videos and music in one safe place. They can save, sync and share all their stuff, and automatic photo backup helps free up space on their smartphone and tablet.

Join & Write a Comment

If you use NetMotion Mobility on your PC and plan to upgrade to Windows 10, it may not work unless you take these steps.
PRTG Network Monitor lets you monitor your bandwidth usage, so you know who is using up your bandwidth, and what they're using it for.
Here's a very brief overview of the methods PRTG Network Monitor (https://www.paessler.com/prtg) offers for monitoring bandwidth, to help you decide which methods you´d like to investigate in more detail.  The methods are covered in more detail in o…
In this tutorial you'll learn about bandwidth monitoring with flows and packet sniffing with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're interested in additional methods for monitoring bandwidt…

706 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

20 Experts available now in Live!

Get 1:1 Help Now