iPhone 3G and Sonicwall

I have the same model and called Sonicwall about it. They said it could be done and could help me if I had a service contract ($335 a year) or on a per incident basis $75. I have poked around myself and I think the answer lies in setting up an L2TP connection rather than relying on the IPSEC VPN connection which I believe to be compatible with Cisco servers only. If I get it to work, I'll let you know. Please do the same.

Anyone come up with how to do this yet? I've tried and can't get it yet. I have a Pro2040 and SoHo3 both with VPN.

I posted the same question to SonicWall's support site...should have an answer in a day or two...

They are taking their time in answering, as usual. I will prod them a little more.

I haven't rolled this out yet, but my plan of attack is to enable the L2TP server, flowing into the DNS and WINS internal, and the group Trusted Users.

From there create an account for the iphone in the LOCAL USERS area, in the Trusted Users group, with access to FIREWALLED SUBNETS.

if my strategy changes after rollout I will update accordingly



bwolfe@thecomputer-fix.com

Well I havn't heard anything...YET. I was doing some checking in the SonicWall forums and many people are asking the same question. All answers are kind of vague and don't give much direction. Looks like people are getting stuck during phase 2 of L2TP.

I'll post back if I hear anything...

Ok, I just got a call from a tech at SonicWall. He said that a connection between the iPhone and SonicWall's VPN is not currently supported, but has been made a feature request. They are adding user requests to this case, so if you have an account over at SonicWall, make the feature request, it may push them along...

Sorry I couldn't get an answer, but I hope this helps.

I was able to get it working! but with a SonicWall TZ-170...
Cisco IPSec doesn't work, we have to use L2TP.
so you have to set up an L2TP server.
the local L2TP IP pool (start IP and end IP) must NOT be in the same subnet as your LAN!

configure the GroupVPN settings as this:
IKE using Preshared Secret
Phase1:
DH Group 2
Encryption 3DES
Authentication SHA1
Phase2:
Protocol ESP
Encryption 3DES
Authentication SHA1
disable Perfect Forward Secrecy!
enable Require Authentication with XAUTH

now to the biggest problem: the iPhone must NOT be behind NAT !
most providers will set the mobiles behind a NAT gateway.

my provider Swisscom gives public IPs for some extra money per month...
(it's called CAA: Corporate Application Access)

you'll see something like "doesn't support NAT traversal" in the SonicWalls Log if your iPhone is behind a NAT gateway and tries to connect with L2TP.

hth

I was able to get a Macbook Pro running OS X 10.5.5 to connect to a Sonicwall 4100Pro via L2TP by setting the Group Name field to GroupVPN in the Macbook's Network panel. Without the Group Name setting, the Macbook displays similar behavior to the iPhone, that is it basically tries and times out after about a minute.

I'm going to issue a wild guess that if the L2TP client on the iPhone was able to set Group Name, it would work.

Apple? Please?

I had problems connecting my iPhone 3g with 2003 exchange and Sonicwall. I thought is was a firewall but it was not. The issue was fixed by installing Service Pack 2 for 2003 Exchange Server.

A solution that has worked really well for us is setting up a Debian Linux box with a PPTP VPN Server. There is a really simple step-by-step guide by Nicholas Fong at http://pigtail.net/nicholas/pptp/. We were able to use this guide to spin up a virtual server and have it configured so that we had full connectivity to our corporate network from our iPhone in about two hours. We have SonicWall firewalls and all we had to do was (a) add a Firewall Wan-->Lan rule that allows PPTP (port 1723) for the public IP destination; and (b) add a NAT rule to translate the public IP destination to the private IP of the Debian Linux server for the PPTP service.