
On Thu, 8 Dec 2011, Graeme Cross <gcross@fastmail.fm> wrote:
The last time I looked, PPTP was the only VPN solution that had good cross-platform support on all those platforms. For example, I don't know of an OpenVPN client for (non-jail-broken) iOS clients.
This is exactly the problem that I have. My client uses an iPhone because he does everything with Apple and because there are some specific iPhone programs he needs to use.
So the question is, what is the best that I can do with an iPhone as the primary client device?
Looking at my iPhone, my VPN options are L2TP, PPTP, and IPSec. The IPSec appears to be Cisco flavoured but last time I checked I think the Linux IPSEC implementation claimed compatibility with Cisco IPSEC... that was a long time ago though so I may be wrong. My iPhone also claimed support for RSA SecurID, or a password that can be saved or "ask every time".

If you can get IPSEC working with the iPhone that will be the best option I think. Googling for Openswan and iPhone looks superficially promising, but you may find it less promising if you dig further.

http://www.jacco2.dds.nl/networking/freeswan-panther.html#iPhone says:

The iPhone is based on Mac OS X. It ships with a built-in client that supports a number of VPN protocols including L2TP/IPsec. I have no first hand experience with the iPhone. Kim Hendrikse reports that the iPhone connects to an Openswan based L2TP/IPsec server but for some reason the iPhone disconnects within a minute if there is no payload traffic, no matter if you use PPP/L2TP/IPsec's keep alive mechanisms.

According to an Astaro press release, their Astaro Security Gateway appliance is compatible with the iPhone for both L2TP/IPsec and PPTP. The Astaro Security Gateway is based on Linux (Strongswan, l2tpd etc.) so I suppose it also works with the setup described on this webpage.

Most of the links I checked are just as non-committed. I'm not sure if the L2TP option is L2TP + IPSEC either...

I have no use for a VPN on my iPhone as I can access all my services externally via HTTPS or SSH.

Good luck!

James