
On Thu, 8 Dec 2011, "James Harper" <james.harper@bendigoit.com.au> wrote:
> Looking at my iPhone, my VPN options are L2TP, PPTP, and IPSec. The IPSec appears to be Cisco flavoured but last time I checked I think the Linux IPSEC implementation claimed compatibility with Cisco IPSEC... that was a long time ago though so I may be wrong. My iPhone also claimed support for RSA SecurID, or a password that can be saved or "ask every time".
My impression is that RSA SecurID is just a different way of supplying a password to be used by one of the other sessions. Admittedly if a session had password discovery as the most concerning weakness (which may be the case here) then that would solve things nicely. But other than that it doesn't seem to be a great benefit.
> If you can get IPSEC working with the iPhone that will be the best option I think. Googling for Openswan and iphone looks superficially promising, but you may find it less promising if you dig further. http://www.jacco2.dds.nl/networking/freeswan-panther.html#iPhone says:
The ADSL device has no apparent support for forwarding IPSEC. It does PPTP, http, https, and a bunch of gaming protocols. So basically anything that runs over TCP on arbitrary ports can be made to work (presumably they wouldn't attempt to mess with the HTTPS protocol and wouldn't bother much with some of the other protocols like HTTP). But it doesn't seem that the iPhone does that.
> I'm not sure if the L2TP option is L2TP + IPSEC either... I have no use for a VPN on my iPhone as I can access all my services externally via HTTPS or SSH.
The company that supplies some of the server software I am dealing with expressed their level of confidence in their work by recommending that it be protected by a VPN. :(

--
My Main Blog http://etbe.coker.com.au/
My Documents Blog http://doc.coker.com.au/