
Apple iPod Touch and iPhone - How to set up a personal VPN


2016-03-22: This site is being moved to my main site at https://kevininscoe.com/wiki as part of a consolidation to one domain.


How I do it:

Many modern routers can terminate a VPN directly on the hardware using PPTP or L2TP, most notably D-Link models; on Linksys hardware I found you have to load DD-WRT or Tomato first. In my case I didn't want to be tied to a hardware solution, so I implemented this on my main Linux server at home.

I also wanted true IPsec, but according to Apple the current firmware versions for the iPhone and iPod touch cannot support it. SSL VPN is sadly not available either, so your flexibility is limited (this rules out the easy-to-set-up OpenVPN). Since I detest the buggy and less secure Microsoft-designed PPTP, and need a machine-to-machine VPN anyway, that really leaves only one option: L2TP/IPsec to a Linux server behind my firewall at home.

The L2TP client can route traffic in two ways: "gateway mode", where the remote end becomes the default gateway and ALL traffic goes down the tunnel, or "split" mode, where only traffic destined for the private network is tunneled. The latter (split) is less secure (you are effectively making the L2TP client part of your perimeter, since it talks to the Internet and to your LAN at the same time) but means extraneous activity doesn't eat your bandwidth. If the clients are in the hands of trustworthy, knowledgeable users who are not running as admin, split mode may be the best option. Since I am the sole user and owner of the connection, I opt for split mode.

According to http://support.apple.com/kb/HT1288

The i* devices (iPhone and iPod touch) support L2TP/IPsec with shared-secret authentication (a pre-shared key, in effect a password) for the tunnel itself. Since I cannot afford, and do not want, expensive closed security hardware such as an RSA SecurID or Cisco CRYPTOCard token, that leaves me with (again) the broken CHAP family (MS-CHAPv2) for user authentication. I will go with machine-to-machine password security. This is a risk, particularly if I lose the iPod; however, I am the sole user and owner of both the connection and the iPod, and I can change the password remotely via alternative host-based access methods I possess elsewhere, so I will accept this risk. Note that the steps I am giving you here really should NOT be used for an enterprise (or for uncontrolled shared use; a family or close-knit trusted group might be acceptable), and in my opinion the iPhone, since it still does not support true IPsec (at least as of firmware 2.1), does not make a suitable VPN client.

http://docs.info.apple.com/article.html?artnum=305723

iPhone supports the following configurations of the PPTP and L2TP/IPSec protocols for VPN (virtual private networks):

* PPTP + MSCHAPv2
* L2TP/IPSec with SharedSecret + MSCHAPv2

iPhone does not support:

* Pure IPSec
* IPSec Machine Certificates
* PPP User Certificates or SmartCard (EAP-TLS)
* L2TP/IPSec Kerberos Authentication Token
* RSA-SecurID (EAP-RSA) Authentication Token

iPhone and iPod touch Manuals: http://support.apple.com/manuals/#iphone

iPhone and iPod touch Enterprise Deployment Guide: http://manuals.info.apple.com/en_US/Enterprise_Deployment_Guide.pdf
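The device side of the supported combination listed above, as an added example that is not from this page or from Apple: a small script that writes an iOS configuration profile (a .mobileconfig property list, the format described in the Enterprise Deployment Guide linked above) for an L2TP/IPsec VPN with a shared secret and MS-CHAPv2, in either of the two routing modes discussed earlier. The server name, user name, secrets and UUIDs are hypothetical placeholders; override them in the environment.

```shell
#!/bin/sh
# Added example, not the page author's or Apple's: emit an iOS configuration profile
# (.mobileconfig plist) for an L2TP/IPsec VPN with a shared secret and MS-CHAPv2.
#   "gateway" sets IPv4/OverridePrimary=1 -> all traffic goes down the tunnel
#   "split"   sets IPv4/OverridePrimary=0 -> only the private net is tunneled
# All names, secrets and UUIDs below are hypothetical placeholders.
SERVER="${SERVER:-vpn.example.org}"
VPN_USER="${VPN_USER:-ipod}"
PSK="${PSK:-replace-with-the-servers-psk}"
PPP_PW="${PPP_PW:-replace-with-the-ppp-password}"
PROFILE_UUID="${PROFILE_UUID:-7F3B9E2C-1D44-4C0E-9A1B-5C2F8E0D6A11}"   # hypothetical, fixed
PAYLOAD_UUID="${PAYLOAD_UUID:-0A2D4F6B-8C1E-4E3A-B5D7-9F1C3E5A7B2D}"   # hypothetical, fixed

# override_primary MODE -> prints 0 for split, 1 for gateway; rejects anything else.
override_primary() {
    case "$1" in
        split)   echo 0 ;;
        gateway) echo 1 ;;
        *)       echo "unknown mode: $1 (use split or gateway)" >&2; return 1 ;;
    esac
}

# gen_mobileconfig MODE -> profile XML on stdout.
# The IPSec/SharedSecret value is a <data> element, so the PSK is base64-encoded.
# Leaving PPP/AuthPassword out makes the device prompt for the password instead of
# storing it in the profile file; it is kept here only to show the complete payload.
gen_mobileconfig() {
    op=$(override_primary "$1") || return 1
    psk_b64=$(printf '%s' "$PSK" | base64 | tr -d '\n')
cat <<EOF
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
  <key>PayloadType</key><string>Configuration</string>
  <key>PayloadVersion</key><integer>1</integer>
  <key>PayloadIdentifier</key><string>org.example.vpn.l2tp</string>
  <key>PayloadUUID</key><string>${PROFILE_UUID}</string>
  <key>PayloadDisplayName</key><string>Home L2TP VPN (${1})</string>
  <key>PayloadContent</key>
  <array>
    <dict>
      <key>PayloadType</key><string>com.apple.vpn.managed</string>
      <key>PayloadVersion</key><integer>1</integer>
      <key>PayloadIdentifier</key><string>org.example.vpn.l2tp.payload</string>
      <key>PayloadUUID</key><string>${PAYLOAD_UUID}</string>
      <key>PayloadDisplayName</key><string>Home L2TP VPN</string>
      <key>UserDefinedName</key><string>Home</string>
      <key>VPNType</key><string>L2TP</string>
      <key>PPP</key>
      <dict>
        <key>CommRemoteAddress</key><string>${SERVER}</string>
        <key>AuthName</key><string>${VPN_USER}</string>
        <key>AuthPassword</key><string>${PPP_PW}</string>
      </dict>
      <key>IPSec</key>
      <dict>
        <key>AuthenticationMethod</key><string>SharedSecret</string>
        <key>SharedSecret</key><data>${psk_b64}</data>
      </dict>
      <key>IPv4</key>
      <dict>
        <key>OverridePrimary</key><integer>${op}</integer>
      </dict>
    </dict>
  </array>
</dict>
</plist>
EOF
}

# Usage: sh ios-l2tp-profile.sh split > home-split.mobileconfig
if [ $# -eq 1 ]; then gen_mobileconfig "$1"; fi
```

Open the resulting file on the device (mail it or serve it over HTTPS) to install it. The file carries the IPsec shared secret and, if AuthPassword is left in, the PPP password in cleartext, so handle it as carefully as the secrets themselves. Split mode corresponds to leaving "Send All Traffic" off in the device's VPN settings; gateway mode turns it on.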

Now the Linux server software:

Based on the above needs I chose Openswan (a fork of the earlier FreeS/WAN).

I installed Openswan on a Gentoo 2008 server in my home, but any distribution will work (I will leave exactly how you install Openswan on your particular distribution to a Google search).

Configuration:

.... coming soon
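The author's own configuration is still marked "coming soon" above; what follows is an added example of mine, not his, showing the server-side files for the combination he chose: Openswan for the IPsec transport SA with a pre-shared key, xl2tpd for L2TP, and pppd forcing MS-CHAPv2 for the user. The file layout follows the Openswan L2TP HOWTO linked under Notes. The public IP, LAN, address pool, user name and output directory are hypothetical placeholders; the script writes into a scratch directory so the files can be reviewed before being copied into /etc.

```shell
#!/bin/sh
# Added example (not the page author's files): generate the server side of an
# Openswan + xl2tpd + pppd L2TP/IPsec gateway using a pre-shared key for the tunnel
# and MS-CHAPv2 for the PPP user, the one combination the page lists as supported on
# the iPhone/iPod touch.  Every address, name and secret here is a hypothetical
# placeholder; override any of them in the environment before running.
SERVER_IP="${SERVER_IP:-203.0.113.10}"        # address the firewall forwards UDP 500/4500 to
LAN_NET="${LAN_NET:-192.168.1.0/24}"           # home LAN reachable through the tunnel
LAN_GW="${LAN_GW:-192.168.1.1}"                # server's LAN address, also pushed as DNS
POOL="${POOL:-192.168.1.200-192.168.1.210}"    # addresses leased to VPN clients
VPN_USER="${VPN_USER:-ipod}"
PSK="${PSK:-$(head -c 32 /dev/urandom | od -An -tx1 | tr -d ' \n')}"     # 256-bit random PSK
PPP_PW="${PPP_PW:-$(head -c 24 /dev/urandom | od -An -tx1 | tr -d ' \n')}"
OUTDIR="${OUTDIR:-./l2tp-out}"                 # review here, then copy into /etc

# /etc/ipsec.conf: IKEv1, transport mode, SA restricted to L2TP (UDP 1701), PSK auth,
# NAT traversal forced on because the device is almost always behind a NAT.
gen_ipsec_conf() {
cat <<EOF
config setup
    protostack=netkey
    nat_traversal=yes
    virtual_private=%v4:10.0.0.0/8,%v4:172.16.0.0/12,%v4:192.168.0.0/16,%v4:!${LAN_NET}

conn l2tp-psk
    type=transport
    authby=secret
    pfs=no
    rekey=no
    ikelifetime=8h
    keylife=1h
    left=${SERVER_IP}
    leftprotoport=17/1701
    right=%any
    rightprotoport=17/%any
    rightsubnet=vhost:%priv,%no
    forceencaps=yes
    dpddelay=40
    dpdtimeout=130
    dpdaction=clear
    auto=add
EOF
}

# /etc/ipsec.secrets: one PSK shared by every client (the risk the page accepts).
gen_ipsec_secrets() { printf '%s %%any: PSK "%s"\n' "$SERVER_IP" "$PSK"; }

# /etc/xl2tpd/xl2tpd.conf: accept only authenticated, CHAP-family PPP sessions.
gen_xl2tpd_conf() {
cat <<EOF
[global]
ipsec saref = no
listen-addr = ${SERVER_IP}

[lns default]
ip range = ${POOL}
local ip = ${LAN_GW}
require authentication = yes
require chap = yes
refuse pap = yes
name = l2tpd
pppoptfile = /etc/ppp/options.xl2tpd
length bit = yes
EOF
}

# /etc/ppp/options.xl2tpd: require MS-CHAPv2 and refuse every weaker PPP authenticator.
gen_ppp_options() {
cat <<EOF
name l2tpd
auth
require-mschap-v2
refuse-pap
refuse-chap
refuse-mschap
refuse-eap
ms-dns ${LAN_GW}
noccp
nodefaultroute
proxyarp
lock
mtu 1410
mru 1410
lcp-echo-interval 30
lcp-echo-failure 4
EOF
}

# /etc/ppp/chap-secrets: client  server  secret  allowed-addresses
gen_chap_secrets() { printf '%s l2tpd "%s" *\n' "$VPN_USER" "$PPP_PW"; }

write_all() {
    mkdir -p "$OUTDIR" && chmod 700 "$OUTDIR"
    gen_ipsec_conf    > "$OUTDIR/ipsec.conf"
    gen_ipsec_secrets > "$OUTDIR/ipsec.secrets"
    gen_xl2tpd_conf   > "$OUTDIR/xl2tpd.conf"
    gen_ppp_options   > "$OUTDIR/options.xl2tpd"
    gen_chap_secrets  > "$OUTDIR/chap-secrets"
    chmod 600 "$OUTDIR/ipsec.secrets" "$OUTDIR/chap-secrets"   # both hold cleartext secrets
    echo "IPsec shared secret for the device: $PSK"
    echo "PPP password for user $VPN_USER: $PPP_PW"
}

if [ "${1-}" = "write" ]; then write_all; fi
```

Run it as `sh l2tp-server.sh write`, then copy the five files to /etc/ipsec.conf, /etc/ipsec.secrets, /etc/xl2tpd/xl2tpd.conf, /etc/ppp/options.xl2tpd and /etc/ppp/chap-secrets and restart ipsec and xl2tpd. Only UDP 500 and 4500 need to be forwarded from the firewall: L2TP on UDP 1701 travels inside the IPsec SA. Because xl2tpd still listens on 1701 in the clear, add an iptables rule that accepts UDP 1701 only when it arrived through IPsec (`-m policy --dir in --pol ipsec`) and drops it otherwise, so nobody can reach the PPP authenticator without the tunnel.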


Notes:

http://www.netheaven.com/TunnelTypes.html

http://support.apple.com/kb/HT1424

http://support.apple.com/kb/HT1288

http://manuals.info.apple.com/en_US/Enterprise_Deployment_Guide.pdf

http://www.openswan.org/code/

http://www.jacco2.dds.nl/networking/openswan-l2tp.html

http://www.macworld.com/article/58991/2007/07/iphone_security.html

http://lists.openswan.org/pipermail/users/2007-July/012761.html

http://www.jacco2.dds.nl/networking/freeswan-l2tp.html

http://www.jacco2.dds.nl/networking/freeswan-panther.html

http://www.experts-exchange.com/Software/System_Utilities/Remote_Access/VPN/Q_23710980.html

http://lists.openswan.org/pipermail/users/2007-November/013585.html

http://www.linuxhomenetworking.com/wiki/index.php/Quick_HOWTO_:_Ch35_:_Configuring_Linux_VPNs

http://archives.free.net.ph/message/20070704.034904.412c149a.en.html

http://www.natecarlson.com/linux/ipsec-x509.php

http://developer.apple.com/documentation/Security/Conceptual/Security_Overview/Concepts/chapter_3_section_8.html

http://www.ipsec-howto.org/ipsec-howto.pdf

http://en.wikipedia.org/wiki/Layer_2_Tunneling_Protocol

http://www.cisco.com/en/US/docs/ios/12_0t/12_0t1/feature/guide/l2tpT.html

http://www.faqs.org/rfcs/rfc1918.html

Other sites of interest:

http://www.publicvpn.com/

http://vpnprivacy.com/

http://openvpn.net/


Kevin's Public Wiki maintained and created by Kevin P. Inscoe is licensed under a
Creative Commons Attribution 3.0 United States License.

Page last modified on April 03, 2012, at 08:55 AM EST