VPN Configuration Profiles iOS4

Wow. I guess I'm late to this party. Tried hooking up to our SonicWALL via my iPhone 4 today and nothing. iPad is fine. Found this thread. Tried the AES128. It works.

My Mac got disconnected though. VPN Tracker needed the checkbox for DES unticked for it to work. Got a lot of people on that though, well okay maybe 8. So back to 3DES for phase 2. Anyways, I hope Apple fixes this. Would like to not have to do a lot of work just because they altered the VPN settings of iOS 4.

Hi,

I noticed my mobileconfig profile would not work, as well. I read up online and did not find a good answer, so I tried this. 1st I removed the profile from the iphone, then I reset the iphone 4 by holding down the top power button and the home button until it powers off (hold it down even as the power switch pops up) - Once it booted back up, I added the profile and it worked. It showed up in VPN and tested successfully. Hope this helps. The reason I tried this was I read about over issues that a reset fixed, such as auto brightness not working and sync issues. FYI - I sync'd all my photos and movies and the photos and movies did not show up on the phone till I took a pictures with the phone. Go figure... Great iphone anyways - I Don't care! lol

Glad it worked for you but I tried it this evening and it didn't work for me.

Like other people on this link - VPN worked for me before but doesn't with OS4.

Guess I'm back to waiting for Apple!

Changing the second proposal to AES-128 worked for me on an NSA 4500.

I have a customer with iPad (OS v3.x) and iPhone4 (OS v.4.x). SonicWall TZ210 was set to Ipsec (Phase 2) Proposal / Encryption: 3DES, since the days of the original iPhone.

Recently the customer upgraded from iPhone3 to iPhone4 and discovered that they cannot establish a VPN session from iPhone4. iPad was still working but not reliably.

This is what I discovered.

iPad can connect to SonicWall TZ210 with 3DES and AES-128. iPhone supports AES-128 only.

I set Ipsec (Phase 2) Proposal / Encryption: AES-128 and now both iPad and iPhone4 can connect reliably.

-Vladimir

I have an iPhone 3GS with ios 3.0x and current which is ios 4.0.1
The ios 4.x does not work but the one with ios 3.x does work.
My router is the Draytek 2820n
I'm using the ipsek pre shared key, have aes 3des des all enabled on the router.
On the phones the config is the same.
I will be logging this with Apple as I have identical hardware and configs except for the ios on each one.
This topic has definitely helped put my mind at rest as I thought i may have been doing something wrong.

I can also confirm switching from 3DES to AES-128 on a SonicWall TZ210 does the trick for the iPhone 4 running iOS 4.0.1.

Thanks everyone!

I've verified this issue with Cisco ASA 8.2 (1) with Hybrid XAUTH. Manually configuring the VPN profile from the iPhone itself works, but you have to disable XAUTH on the concentrator as there's no way to set this option from the phone's native interface.

I found this same issue today. I am a user and have no ability to adjust our very large corporate VPN infrastructure.

However, I found a way to get it to work. Sorry, but I have no idea if this is using AES or 3DES. Can I find out on the iPhone side once connected?

Anyway, I went to unlockit.co.nz and created and installed a profile for US - AT&T, which seemed to point to the same wap at cingular servers that it normally should. I don't know. What I do know is that after installing the certificates sent by this site, I can now VPN over 3G.

I can connect VPN via PPTP on iPhone 4 iOS4 to Draytek 2820n but not with L2TP. Not ideal but at least it works until Apple have resolved the issue.

Thanks, this was exactly the answer I was looking for... You saved me a lot of time .
Thanks

Has anyone been able to find a work around for this issue with an iPhone OS 4 connecting to a Cisco ASA 5500 Series VPN? I have confirmed that changing the proposals to AES-128 does not work on the Cisco ASA.

I'm in the same boat as the rest of you. I hope Apple allows 3DES to work in a future iOS4 update.

Initial testing with iOS 4.1 shows that updating solves the problem. The configuration profile from iPCU now works.

I will test with some more phones tonight and give a final confirmation.

Our VPN server was a Cisco ASA. To recap: it appeared from debugging on the VPN server side that the phone was not trying Aggressive Mode when used with pre-shared key configuration loaded from an iPCU profile. iOS 4.0, 4.0.1 and 4.0.2 all had the issue. 4.1 fixes it.

I updated to 4.1 and L2TP VPN using 3DES still does not work !

I hate updates that reduce functionality...