On Apr 12, 2011, at 3:17 PM, Vick Khera wrote:

> On Tue, Apr 12, 2011 at 2:04 PM, Fuchs, Martin
> <martin.fu...@trendchiller.com> wrote:
> I have IPSec from my iPhone to pfsense here...
> Have a look at the Forums. It took some time but now it works...
>
> I found in the forum that it requires pfSense 2.0. Does that still stand
> true?
>
> And do you configure it via pfSense GUI or a manual hack to the racoon config
> file?
>
> I don't find a definitive answer on the forum at all, just a bunch of try
> this try that and speculation followed by a bunch of "doesn't work for me"
> and "works for me, sorta".
>
> The closest I've found is
> http://forum.pfsense.org/index.php/topic,24752.msg130558/topicseen.html#msg130558
>
> Is that the current "state of the art" for iPhone -> pfSense VPN? It seems
> to be in conflict with how I want mobile client settings for my "road
> warrior" network VPNs, such as my home office. I.e., I do not want to have a
> virtual address pool for those connections.

I have used pfSense 2.0 to set up an IPsec VPN usable from an iPod Touch, which I believe uses the same client as the iPhone and iPad. I used pretty much the setup from the link you give above.

In my case, my Phase 2 has "Local Network" of type "Network" and the address is that of my pfSense LAN (whereas the forum post uses Local Network Type "None"). (I actually have two Phase 2 entries, the one just described and another that is the same except the address is 10.0.0.0/24, to allow VPN access to that private network reachable from the pfSense LAN.)

I did all configuration via the pfSense GUI.

The setup routes all traffic for the network behind the pfSense gateway (172.23.23.0/24 and 10.0.0.0/24) over the IPsec VPN; other traffic goes out as per normal. Split DNS works, and private DNS hostnames are resolved correctly.

The VPN works fine when NAT-T is in use. (The same config doesn't work for my office Mac, which is not behind a NAT.)

I also tried the L2TP server in pfSense 2.0 today with the Mac OS X L2TP VPN client but couldn't even get it to connect. :-(

Cheers,
Paul.