[Openswan Users] L2TP using PSK confirmed working on iphone 3.0 and ipod touch 2.2.1
Paul Wouters
paul at xelerance.com
Sat Jun 27 17:05:19 EDT 2009
Hi,

Because people often ask me, I finally sat down with an iphone and an ipod
touch. I can confirm it works on an updated iphone and updated touch.

The tests I did were with openswan-2.4.15 and xl2tpd 1.2.4. Due to bug #1004,
you should not use openswan-2.6.x.

On the iphone, it worked via wifi and 3G (even on Rogers in Canada, which
is supposed to filter IPsec unless you buy a business subscription).

The relevant settings:

ipsec.conf:

conn l2tp-psk
	authby=secret
	pfs=no
	auto=add
	rekey=no
	type=transport
	left=publicip
	leftprotoport=17/1701
	right=%any
	rightprotoport=17/%any
	rightsubnet=vhost:%priv,%no

ipsec.secrets:

publicip %any: "test"
publicip 0.0.0.0: "test"

xl2tpd.conf:

[lns default]
ip range = 10.1.2.10 - 10.1.2.100
local ip = 10.1.2.1
require chap = yes
refuse pap = yes
require authentication = yes
name = OpenswanVPN
ppp debug = yes
pppoptfile = /etc/ppp/options.xl2tpd
length bit = yes

options.xl2tpd:

ipcp-accept-local
ipcp-accept-remote
ms-dns 193.110.157.136
ms-dns 193.110.157.2
ms-wins 192.168.1.2
ms-wins 192.168.1.4
noccp
auth
crtscts
idle 1800
mtu 1410
mru 1410
nodefaultroute
debug
lock
proxyarp
connect-delay 5000

/etc/ppp/chap-secrets:

# Secrets for authentication using PAP
# client	server	secret		IP addresses
paul		*	"test"		10.1.2.11
*		paul	"test"		10.1.2.11
test		*	"foobar"	10.1.2.0/24
*		test	"foobar"	10.1.2.0/24
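
Added example, not part of the original post and not Openswan or xl2tpd code: a pre-deployment audit of a chap-secrets file that flags the sample secrets shown above and address restrictions that do not fit the xl2tpd pool. The function name, the MIN_LEN policy value and the finding messages are assumptions made for this sketch; the input is constructed from the settings in the post.

```python
import ipaddress
import shlex

# Constructed input: the chap-secrets entries and xl2tpd pool shown in the post.
CHAP_SECRETS = """\
# client server secret IP addresses
paul * "test" 10.1.2.11
* paul "test" 10.1.2.11
test * "foobar" 10.1.2.0/24
* test "foobar" 10.1.2.0/24
"""
POOL = ("10.1.2.10", "10.1.2.100")   # xl2tpd.conf "ip range"
LOCAL_IP = "10.1.2.1"                # xl2tpd.conf "local ip"
SAMPLE_SECRETS = {"test", "foobar"}  # values published in the post
MIN_LEN = 16                         # assumed site policy, not from the post


def audit_chap_secrets(text, pool=POOL, local_ip=LOCAL_IP):
    """Return (line_number, message) findings for a chap-secrets file."""
    lo, hi = (ipaddress.ip_address(p) for p in pool)
    server_ip = ipaddress.ip_address(local_ip)
    findings = []
    for n, raw in enumerate(text.splitlines(), 1):
        fields = shlex.split(raw, comments=True)  # strips quotes and '#' comments
        if not fields:
            continue
        if len(fields) < 3:
            findings.append((n, "malformed entry"))
            continue
        secret, addrs = fields[2], fields[3:]
        if secret in SAMPLE_SECRETS:
            findings.append((n, "secret is a published sample value"))
        elif len(secret) < MIN_LEN:
            findings.append((n, "secret is shorter than MIN_LEN"))
        for addr in addrs:
            if addr == "*":
                findings.append((n, "any peer address is allowed"))
                continue
            try:
                net = ipaddress.ip_network(addr, strict=False)
            except ValueError:
                findings.append((n, "address not understood: " + addr))
                continue
            if net.network_address < lo or net.broadcast_address > hi:
                findings.append((n, "allowed addresses extend outside the pool"))
            if server_ip in net:
                findings.append((n, "allowed addresses include the local ip"))
    return findings


if __name__ == "__main__":
    for line_no, message in audit_chap_secrets(CHAP_SECRETS):
        print(f"line {line_no}: {message}")
```

Run against the entries above, it reports the "test" and "foobar" secrets on every line and, for the two 10.1.2.0/24 entries, that the allowed range is wider than the 10.1.2.10 - 10.1.2.100 pool and covers the server's own 10.1.2.1.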