[Openswan Users] OpenSwan and iPhone
paul at xelerance.com
Wed Nov 25 09:49:21 EST 2009
On Wed, 25 Nov 2009, Helmut Manck wrote:
>> Why not use L2TP? People are using that on their iphones to Openswan without
> The L2TP-support of the iPhone cannot use certificates to authenticate
> the server side (just preshared key). Thus it is basically vulnerable to
> man-in-the-middle attacks. The IPsec client _can_ use certificates to
> authenticate. IPsec is better ;-)
> doesn't change behaviour:
> Nov 25 09:49:03 server011 pluto: "vpngateway-intranet"
> <iphone-ip> #1: received MODECFG message when in state
> STATE_MODE_CFG_R1, and we aren't xauth client
There are also modeconfig options you can try and enable.
#modecfgpull=yes (dangerous on a server)
Our modeconfig stuff is very limited though.