On Apr 12, 2011, at 3:17 PM, Vick Khera wrote:

> On Tue, Apr 12, 2011 at 2:04 PM, Fuchs, Martin 
> <martin.fu...@trendchiller.com> wrote:
> I have IPSec from my iPhone to pfSense here...
> Have a look at the forums. It took some time but now it works...
> 
> I found in the forum that it requires pfSense 2.0.  Does that still stand 
> true?
> 
> And do you configure it via pfSense GUI or a manual hack to the racoon config 
> file?
> 
> I don't find a definitive answer on the forum at all, just a bunch of try 
> this try that and speculation followed by a bunch of "doesn't work for me" 
> and "works for me, sorta".
> 
> The closest I've found is 
> http://forum.pfsense.org/index.php/topic,24752.msg130558/topicseen.html#msg130558
> 
> Is that the current "state of the art" for iPhone -> pfSense VPN?  It seems 
> to be in conflict with how I want mobile client settings for my "road 
> warrior" network VPNs, such as my home office.  I.e., I do not want to have a 
> virtual address pool for those connections.


I have used pfSense 2.0 to set up an IPsec VPN usable from an iPod Touch, 
which I believe uses the same client as the iPhone and iPad.  I used pretty 
much the setup from the link you give above.  In my case, my Phase 2 has "Local 
Network" of type "Network" and the address is that of my pfSense LAN (whereas 
the forum post uses Local Network Type "None").  (I actually have two Phase 2 
entries, the one just described and another that is the same except the address 
is 10.0.0.0/24, to allow VPN access to that private network reachable from the 
pfSense LAN.)

I did all configuration via the pfSense GUI.  The setup routes all traffic for 
the network behind the pfSense gateway (172.23.23.0/24 and 10.0.0.0/24) over 
the IPsec VPN; other traffic goes out as per normal.  Split DNS works, and 
private DNS hostnames are resolved correctly.

The VPN works fine when NAT-T is in use.  (The same config doesn't work for my 
office Mac, which is not behind a NAT.)

I also tried the L2TP server in pfSense 2.0 today with the Mac OS X L2TP VPN 
client but couldn't even get it to connect. :-(

Cheers,

Paul.


