Go Premium for a chance to win a PS4. Enter to Win

x
?
Solved

VPN on I-Phone 5

Posted on 2013-01-15
13
Medium Priority
?
418 Views
Last Modified: 2013-06-09
I'm having troubles connecting to our corporate VPN on an I-Phone 5.  Our current setup is a L2TP w/ PSK and certificate for authentication.  The VPN at the office is made up of a RAS server, hosted on Windows 2003 and a certificate server that goes out on a dedicated public IP address that the outside world can see.  The problem with any VPN software on Apple and Android phones, is there is no setup that only looks for a certificate, it always asks for a password for authentication.  There is no password in this case, thats what the certificate is for.  Has anyone run into this or have any ideas?  I've tried multiple VPN clients in the App Store, but maybe I missed one.  Also, I was able to get it to work on a MacBook Pro on the Snow Leopard OS so I would think there would be a way to get this to work.

Thank You!
0
Comment
Question by:SGCAdmin
  • 7
  • 6
13 Comments
 
LVL 65

Expert Comment

by:btan
ID: 38781330
Rightfully you should see it after by "add vpn configuration" option and in this case example in link it is Cisco and can state use user certificate

http://www.personal.psu.edu/dmt155/iphonevpn/

Useful info

http://help.apple.com/iosdeployment-vpn/mac/1.1/?lang=en-us#appc28ee2b9
http://www.fatofthelan.com/technical/using-the-apple-ipadiphone-configuration-utility-for-vpn/
0
 
LVL 1

Author Comment

by:SGCAdmin
ID: 38783232
Hi Breadtan,

Thanks for the info and response.  Unfortunately, the Cisco IPSec config only allows a certificate with no option for PSK.   I am however, looking into a couple of the clients in that second link that I haven't tried, however, its not looking good so far.
0
 
LVL 65

Expert Comment

by:btan
ID: 38785201
Pardon me if I misunderstand but it is either certificate or psk, which doubt it can be both.

https://supportforums.cisco.com/thread/2160186
0
Lessons on Wi-Fi & Recommendations on KRACK

Simplicity and security can be a difficult  balance for any business to tackle. Join us on December 6th for a look at your company's biggest security gap. We will also address the most recent attack, "KRACK" and provide recommendations on how to secure your Wi-Fi network today!

 
LVL 1

Author Comment

by:SGCAdmin
ID: 38787177
We actually do have it working with both and have been using it this way for over 8 years.  This may not be a typical setup, but its that much more secure when you need a certificate and a PSK to connect.  Both Microsoft and Apple both have configuration options in their computer OS's, apparently, just not in their phone OS's.  

I'm still digging for a possible solution, I'd hate to change what's been working for us.
0
 
LVL 65

Expert Comment

by:btan
ID: 38787365
noted i can understand that. You may want to check this interesting discussion. it has a table on the testing done with PSK and Cert via 3G, iwif to internet, wifi to LAN. I am suspecting you are looking out for Cert+Xauth (though i am not sure of the config)

https://discussions.apple.com/thread/4312913?start=30&tstart=0

It did point to IOS 6.0.1 - http://support.apple.com/kb/DL1606
0
 
LVL 1

Author Comment

by:SGCAdmin
ID: 38788908
Thanks for the research.  I can confirm however it doesn't work on both wireless or 3g/4g data so that update wouldnt apply.  I'm losing faith that there is mobile vpn software that looks for both cert and PSK.
0
 
LVL 65

Expert Comment

by:btan
ID: 38790003
Will see if chanced upon any other info but maybe posting to apple forum or even post this to vendor of interest may widen the scope...
0
 
LVL 1

Author Comment

by:SGCAdmin
ID: 38814381
I setup a test RRAS server so I could play with all configuations I could think of w/o affecting users, and I still cannot get this working.  I've also noticed, I cannot get certificate only based authentication working either, only MS-Chap V2 and L2TP PSK by itself works on the phone.  I think the default VPN I-Phone software, Cisco Any Connect for IPSEC, only accepts Cisco certificates and not Microsoft CA certificates.  I cannot find any info for anyone that has setup a Microsoft RRAS and used certificates as authentication on the i-phone or android.
0
 
LVL 65

Expert Comment

by:btan
ID: 38814509
It may be the insult vpn stack but certificate base should be standard of adhering to x509v3..cannot wonder Cisco cert is possible but not Microsoft certificate....unless they are different key algorithm
0
 
LVL 1

Accepted Solution

by:
SGCAdmin earned 0 total points
ID: 38868477
For now, we decided to go with a very complicated PSK and Active Directory authentication instead of using a certificate.  This is all setup on a new RAS server dedicated for just phone VPN.  Kind of disappointing, but at least I am still using Cert and PSK for PC communication.

Thanks!

Also, I'm not sure how to close this, as this was not solved.  I would like to leave the question in the system, in case someone else finds this.
0
 
LVL 1

Author Comment

by:SGCAdmin
ID: 39217311
Can anyone assist in closing this?  Please see my last comment for details why.

Thanks
0
 
LVL 65

Expert Comment

by:btan
ID: 39217776
You can close with points awarded if they had helped or likewise close it without any point awarded. Can request attention if needed further assistance etc. Thanks!
0
 
LVL 1

Author Closing Comment

by:SGCAdmin
ID: 39232717
See above.
0

Featured Post

Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Learn how to use the free Acronis True Image app to easily transfer data between iPhones and Android phones.
Will you be ready when the clock on GDPR compliance runs out? Is GDPR even something you need to worry about? Find out more about the upcoming regulation changes and download our comprehensive GDPR checklist today !
In this video we outline the Physical Segments view of NetCrunch network monitor. By following this brief how-to video, you will be able to learn how NetCrunch visualizes your network, how granular is the information collected, as well as where to f…
Michael from AdRem Software outlines event notifications and Automatic Corrective Actions in network monitoring. Automatic Corrective Actions are scripts, which can automatically run upon discovery of a certain undesirable condition in your network.…

885 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question