[strongSwan] iOS (iPad) connections without xauth
Peter van Liesdonk
pvl at compumatica.eu
Thu Feb 28 11:55:21 CET 2013
On 26/02/13 23:38, Fiederling, Daniel wrote:
> Hi,
>
> I'm currently working on a prototype vpn setup which aims to connect a large number of iPads to our company network. My goal is to connect the iPads via the built-in Cisco-compatible IPsec client with authby=rsasig without xauth.
> The main reason for not using xauth is that the devices are centrally managed by a mdm system which allows to configure the vpn profile and certificates. We don't want our users to input a password upon every connect and as far as I know Apple doesn't allow to preconfigure user/pass for xauth. Using PSK isn't a solution for use due to the large number of devices.
Hi Daniel,
You can actually
1) disable xauth by including XAuthEnabled=0 in the mdm profile's ipsec
section
2) include the user/pass in the profile by including XAuthName and
XAuthPassword in the profile
- It is not possible to disable xauth via the iOS interface itself; only
via a profile.
- even if you don't preconfigure the user/pass for xauth, iOS will save
them after the first successful connect.
Regards,
Peter
More information about the Users
mailing list