VPN Configuration Profiles iOS4

I recognize that this is an Apple issue, but can it can be solved now by your Sys Admin, all they have to do is make sure that the VPN proposal is AES-128, and not 3DES, in my case I was able to change the second proposal on my SonicWall Pro 2040, therefore not affecting Windows, Mac or Linux clients, but fixing the iPhone clients I have.

As I have stated before contact the system administrator of your company and ask him if he can setup a second proposal on the same VPN server, and make this AES-128, or simply create a second VPN signon server so iPhone users can connect, I don't know how much this is affecting your business, but in my case I tried the change and it works, all of my clients are supported, so good news, as for Apple, they can take there time as far as I am concerned.

I tried the same change and it did nothing to help. The fact is apple blew it by obviously not testing iOS4 adequately before testing it. Sysadmins shouldn't be forced to make undocumented changes to their setups to make something work again that worked fine before. Hopefully apple gets this resolved ASAP.

same thing here. The workaround doesn't work for me because i need to connect to a university-network, that i, personally, can't configure.
surprisingly it worked once! i don't know why but suddenly i was connected to the WLAN, so i could switch on the VPN client (cisco ipsec). will apple fix this problem soon? or can i downgrade? nice effects and no multitasking (ipod touch 2g) cannot compete with a working VPN client...

Message was edited by: sanpipe

Wow. I guess I'm late to this party. Tried hooking up to our SonicWALL via my iPhone 4 today and nothing. iPad is fine. Found this thread. Tried the AES128. It works.

My Mac got disconnected though. VPN Tracker needed the checkbox for DES unticked for it to work. Got a lot of people on that though, well okay maybe 8. So back to 3DES for phase 2. Anyways, I hope Apple fixes this. Would like to not have to do a lot of work just because they altered the VPN settings of iOS 4.

Hi,

I noticed my mobileconfig profile would not work, as well. I read up online and did not find a good answer, so I tried this. 1st I removed the profile from the iphone, then I reset the iphone 4 by holding down the top power button and the home button until it powers off (hold it down even as the power switch pops up) - Once it booted back up, I added the profile and it worked. It showed up in VPN and tested successfully. Hope this helps. The reason I tried this was I read about over issues that a reset fixed, such as auto brightness not working and sync issues. FYI - I sync'd all my photos and movies and the photos and movies did not show up on the phone till I took a pictures with the phone. Go figure... Great iphone anyways - I Don't care! lol

Glad it worked for you but I tried it this evening and it didn't work for me.

Like other people on this link - VPN worked for me before but doesn't with OS4.

Guess I'm back to waiting for Apple!

I have a customer with iPad (OS v3.x) and iPhone4 (OS v.4.x). SonicWall TZ210 was set to Ipsec (Phase 2) Proposal / Encryption: 3DES, since the days of the original iPhone.

Recently the customer upgraded from iPhone3 to iPhone4 and discovered that they cannot establish a VPN session from iPhone4. iPad was still working but not reliably.

This is what I discovered.

iPad can connect to SonicWall TZ210 with 3DES and AES-128. iPhone supports AES-128 only.

I set Ipsec (Phase 2) Proposal / Encryption: AES-128 and now both iPad and iPhone4 can connect reliably.

-Vladimir

I have an iPhone 3GS with ios 3.0x and current which is ios 4.0.1
The ios 4.x does not work but the one with ios 3.x does work.
My router is the Draytek 2820n
I'm using the ipsek pre shared key, have aes 3des des all enabled on the router.
On the phones the config is the same.
I will be logging this with Apple as I have identical hardware and configs except for the ios on each one.
This topic has definitely helped put my mind at rest as I thought i may have been doing something wrong.

I've verified this issue with Cisco ASA 8.2 (1) with Hybrid XAUTH. Manually configuring the VPN profile from the iPhone itself works, but you have to disable XAUTH on the concentrator as there's no way to set this option from the phone's native interface.

I found this same issue today. I am a user and have no ability to adjust our very large corporate VPN infrastructure.

However, I found a way to get it to work. Sorry, but I have no idea if this is using AES or 3DES. Can I find out on the iPhone side once connected?

Anyway, I went to unlockit.co.nz and created and installed a profile for US - AT&T, which seemed to point to the same wap at cingular servers that it normally should. I don't know. What I do know is that after installing the certificates sent by this site, I can now VPN over 3G.

Has anyone been able to find a work around for this issue with an iPhone OS 4 connecting to a Cisco ASA 5500 Series VPN? I have confirmed that changing the proposals to AES-128 does not work on the Cisco ASA.

Initial testing with iOS 4.1 shows that updating solves the problem. The configuration profile from iPCU now works.

I will test with some more phones tonight and give a final confirmation.

Our VPN server was a Cisco ASA. To recap: it appeared from debugging on the VPN server side that the phone was not trying Aggressive Mode when used with pre-shared key configuration loaded from an iPCU profile. iOS 4.0, 4.0.1 and 4.0.2 all had the issue. 4.1 fixes it.

Using iPhone 4 with iOS 4.1 connecting to L2TP VPN server on Vigor 2820.
I've tried setting the router to only use AES for IPSec encryption but still having the same problem connecting. PPTP works fine. Hopefully this will be fixed by iOS 4.2...

Hi, for anyone with a draytek router/firewall and ios 4 (i've just tested with my iphone 3gs) I have the exact setting that are needed to establish a pptp or l2tp with ipsec vpn.

1. Under vpn and remote access > remote access control I have all 2 options on :pptp, ipsec & l2tp
2. under ipsec general setup the important thing for l2tp with ipsec to work is: set a pre-shared key, and under ipsec security method only have 3des enabled
3. Under remote dial in user I have a user created with a pwd and only enabled l2tp with ipsec policy set to "must" and everything else left to it's default settings

Then on the iphone I have created a profile on the phone manually for L2TP with the server set to my ip address (a domain name using dyndns hasn't been tested yet), account as the username, password and the password setup in the draytek router and secret same as the pre-shared key set in the router, finally send all traffic set to on.

I will try a domain name and hope this is the problem that needs sorting next on wither the router and or the iphone