[strongSwan] VPN from iPad to ubuntu-10.4
Andreas
strongswan2011 at insecteam.de
Sat Jul 2 13:50:26 CEST 2011
Michael Holstein wrote:
> ...
> The web also works for certificate distribution .. just use the correct
> MIME type.
> ...
Hi Michael,
yes, thank you, I've tried this - successfuly.
> The better question is why are you trying to do L2TP when iOS supports
> IPSEC natively? (unless you also want to support android .. which you
> can't do with strongswan/crt anyway since android sends a borked id_ipv4
> as an identifier)
>
> LT2P is triple (and maybe quadruple) encapsulated ..
>
> (packet) -> ppp -> lt2p -> ipsec -> ipsec-natt -> host
>
> versus ..
>
> (packet) -> ipsec -> host
>
> (or)
>
> (packet) -> ipsec -> ipsec-natt -> host
> ...
Oh yes, you are right of course. I just tried both, and using
L2TP I was a very little bit more successful in the beginning (I
saw ESP packets being exchanged). That's why I tried to follow
this way for the beginning.
> Cheers,
>
> Michael Holstein
> Cleveland State University
Meanwhile I have not been more successful with strongswan than at
the time of my first post. But I found a success report including
complete config example using racoon:
http://blog.dest-unreach.be/2011/03/03/iphone-compatible-ipsec-vpn-on-an-ubuntu-server-with-ldap-authentication
I replaced LDAP authentication with system authentication,
adapted the IPs and IP ranges, and I got a VPN connection to the
company network from Internet-connected iPad immediately.
I'm going to follow that way now, as I'm more near to my goals
than ever before. As that's all about racoon, this list isn't
adequate any more for questions or further success reports.
Thank you, folks, for your valuable help!
Andreas
More information about the Users
mailing list