[strongSwan] VPN from iPad to ubuntu-10.4

Andreas strongswan2011 at insecteam.de
Sat Jul 2 13:50:26 CEST 2011

Michael Holstein wrote:
> ...
> The web also works for certificate distribution .. just use the correct
> MIME type.
> ...

Hi Michael,

yes, thank you, I've tried this - successfuly.

> The better question is why are you trying to do L2TP when iOS supports
> IPSEC natively? (unless you also want to support android .. which you
> can't do with strongswan/crt anyway since android sends a borked id_ipv4
> as an identifier)
> LT2P is triple (and maybe quadruple) encapsulated ..
> (packet) -> ppp -> lt2p -> ipsec -> ipsec-natt -> host
> versus ..
> (packet) -> ipsec -> host
> (or)
> (packet) -> ipsec -> ipsec-natt -> host
> ...

Oh yes, you are right of course. I just tried both, and using 
L2TP I was a very little bit more successful in the beginning (I 
saw ESP packets being exchanged). That's why I tried to follow 
this way for the beginning.

> Cheers,
> Michael Holstein
> Cleveland State University

Meanwhile I have not been more successful with strongswan than at 
the time of my first post. But I found a success report including 
complete config example using racoon:


I replaced LDAP authentication with system authentication, 
adapted the IPs and IP ranges, and I got a VPN connection to the 
company network from Internet-connected iPad immediately.

I'm going to follow that way now, as I'm more near to my goals 
than ever before. As that's all about racoon, this list isn't 
adequate any more for questions or further success reports.

Thank you, folks, for your valuable help!


More information about the Users mailing list