VPN Configuration Profiles iOS4

I have also verified that running iOS4.1 fixes the aggressive mode issue. I can now connect to our Cisco VPN Server running ASA 8.2. We are running an Hybrid XAuth configuration with 3DES.

I really hope that apple addresses this issue soon. It ***** not being able to use public w-lan!

Using iPhone 4 with iOS 4.1 connecting to L2TP VPN server on Vigor 2820.
I've tried setting the router to only use AES for IPSec encryption but still having the same problem connecting. PPTP works fine. Hopefully this will be fixed by iOS 4.2...

I've just had the same issue... after upgrading to 4.2.1 I could no longer connect to our L2TP vpn. Luckily I've access to the logs and the config.

In order to successfully dial in I needed to change:
Phase 1 proposal encryption to AES128
Phase 1 proposal authentication to MD5
Phase 1 key group to DH2

Hope that helps

Hi, for anyone with a draytek router/firewall and ios 4 (i've just tested with my iphone 3gs) I have the exact setting that are needed to establish a pptp or l2tp with ipsec vpn.

1. Under vpn and remote access > remote access control I have all 2 options on :pptp, ipsec & l2tp
2. under ipsec general setup the important thing for l2tp with ipsec to work is: set a pre-shared key, and under ipsec security method only have 3des enabled
3. Under remote dial in user I have a user created with a pwd and only enabled l2tp with ipsec policy set to "must" and everything else left to it's default settings

Then on the iphone I have created a profile on the phone manually for L2TP with the server set to my ip address (a domain name using dyndns hasn't been tested yet), account as the username, password and the password setup in the draytek router and secret same as the pre-shared key set in the router, finally send all traffic set to on.

I will try a domain name and hope this is the problem that needs sorting next on wither the router and or the iphone

Unfortunately I couldn't get your suggestion to work Dh4rm3sh, not sure why, I tried a zillion times (i've got a DrayTek 2710vn and iphone 4/ipad iOS 4.2.1).

eventually got it to work, but my similar method involves some black magic and I'm not sure what was the final step which sorted it (also involved using a beta firmware from DrayTek support).

details here: http://forums.whirlpool.net.au/forum-replies.cfm?t=1486587

(i'm using a dynDNS domain also)

good luck to others, pity this isn't as simple as it was pre iOS 4 (when it worked without any fiddling)

scott

Hello gents,
our admin is almost at the point to give up the iphone 4 (iOs 4.3.1).
VPN connection fails in phase 1.
we tried AES-128 (failed)

Any help/idea would be greatly appreciated!


Apr 14 22:17:04 USER-iPhone configd[26] <Notice>: IPSec connecting to server [COM.PAN.YSE.RVE.R]
Apr 14 22:17:04 USER-iPhone configd[26] <Notice>: IPSec Phase1 starting.
Apr 14 22:17:04 USER-iPhone configd[26] <Notice>: SCNC: start, triggered by Preferences, type IPSec, status 0
Apr 14 22:17:04 USER-iPhone racoon[3120] <Info>: [3120] INFO: *** racoon started: pid=3120 started by: 1
Apr 14 22:17:04 USER-iPhone racoon[3120] <Info>: [3120] INFO: @(#) racoon / IPsec-tools
Apr 14 22:17:04 USER-iPhone racoon[3120] <Info>: [3120] INFO: @(#)This product linked OpenSSL 0.9.7l 28 Sep 2006 ( http://www.openssl.org/)
Apr 14 22:17:04 USER-iPhone racoon[3120] <Info>: [3120] INFO: Reading configuration from "/etc/racoon/racoon.conf"
Apr 14 22:17:04 USER-iPhone racoon[3120] <Info>: [3120] WARNING: /var/run/racoon/[COM.PAN.YSE.RVE.R].conf:17: "support_mip6" it is obsoleted. use "support_proxy".
Apr 14 22:17:04 USER-iPhone racoon[3120] <Info>: [3120] INFO: racoon launched by launchd.
Apr 14 22:17:04 USER-iPhone sandboxd[3121] <Notice>: racoon(3120) deny network-outbound /private/var/tmp/launchd/sock
Apr 14 22:17:04 USER-iPhone racoon[3120] <Info>: [3120] INFO: 10.7.172.122[500] used as isakmp port (fd=7)
Apr 14 22:17:04 USER-iPhone racoon[3120] <Info>: [3120] INFO: 10.7.172.122[4500] used as isakmp port (fd=8)
Apr 14 22:17:04 USER-iPhone racoon[3120] <Info>: [3120] INFO: 192.168.2.101[500] used as isakmp port (fd=9)
Apr 14 22:17:04 USER-iPhone racoon[3120] <Info>: [3120] INFO: 192.168.2.101[4500] used as isakmp port (fd=10)
Apr 14 22:17:04 USER-iPhone racoon[3120] <Info>: [3120] INFO: fe80::129a:ddff:fe27:d1a9%en0[500] used as isakmp port (fd=11)
Apr 14 22:17:04 USER-iPhone racoon[3120] <Info>: [3120] INFO: fe80::129a:ddff:fe27:d1a9%en0[4500] used as isakmp port (fd=12)
Apr 14 22:17:04 USER-iPhone racoon[3120] <Info>: [3120] INFO: ::1[500] used as isakmp port (fd=13)
Apr 14 22:17:04 USER-iPhone racoon[3120] <Info>: [3120] INFO: ::1[4500] used as isakmp port (fd=14)
Apr 14 22:17:04 USER-iPhone racoon[3120] <Info>: [3120] INFO: 127.0.0.1[500] used as isakmp port (fd=15)
Apr 14 22:17:04 USER-iPhone racoon[3120] <Info>: [3120] INFO: 127.0.0.1[4500] used as isakmp port (fd=16)
Apr 14 22:17:04 USER-iPhone racoon[3120] <Info>: [3120] INFO: fe80::1%lo0[500] used as isakmp port (fd=17)
Apr 14 22:17:04 USER-iPhone racoon[3120] <Info>: [3120] INFO: fe80::1%lo0[4500] used as isakmp port (fd=18)
Apr 14 22:17:04 USER-iPhone racoon[3120] <Info>: [3120] INFO: found launchd socket.
Apr 14 22:17:04 USER-iPhone racoon[3120] <Info>: [3120] NOTIFY: accepted connection on vpn control socket.
Apr 14 22:17:04 USER-iPhone racoon[3120] <Info>: [3120] INFO: accept a request to establish IKE-SA: [COM.PAN.YSE.RVE.R]
Apr 14 22:17:04 USER-iPhone racoon[3120] <Notice>: IPSec connecting to server [COM.PAN.YSE.RVE.R]
Apr 14 22:17:04 USER-iPhone racoon[3120] <Info>: [3120] INFO: initiate new phase 1 negotiation: 192.168.2.101[500]<=>[COM.PAN.YSE.RVE.R][500]
Apr 14 22:17:04 USER-iPhone racoon[3120] <Info>: [3120] INFO: begin Identity Protection mode.
Apr 14 22:17:04 USER-iPhone racoon[3120] <Notice>: IPSec Phase1 started (Initiated by me).
Apr 14 22:17:04 USER-iPhone racoon[3120] <Info>: [3120] ERROR: fatal NO-PROPOSAL-CHOSEN notify messsage, phase1 should be deleted.
Apr 14 22:17:04 USER-iPhone kernel[0] <Debug>: launchd[3120] Builtin profile: racoon (sandbox)
Apr 14 22:17:07 USER-iPhone racoon[3120] <Info>: [3120] ERROR: fatal NO-PROPOSAL-CHOSEN notify messsage, phase1 should be deleted.
Apr 14 22:17:11 USER-iPhone racoon[3120] <Info>: [3120] ERROR: fatal NO-PROPOSAL-CHOSEN notify messsage, phase1 should be deleted.
Apr 14 22:17:13 USER-iPhone racoon[3120] <Info>: [3120] ERROR: fatal NO-PROPOSAL-CHOSEN notify messsage, phase1 should be deleted.
Apr 14 22:17:14 USER-iPhone configd[26] <Notice>: IPSec disconnecting from server [COM.PAN.YSE.RVE.R]
Apr 14 22:17:14 USER-iPhone racoon[3120] <Info>: [3120] WARNING: glob found no matches for path "/var/run/racoon/*.conf"
Apr 14 22:17:14 USER-iPhone racoon[3120] <Info>: [3120] INFO: 10.7.172.122[500] used as isakmp port (fd=7)
Apr 14 22:17:14 USER-iPhone racoon[3120] <Info>: [3120] INFO: 192.168.2.101[500] used as isakmp port (fd=8)
Apr 14 22:17:14 USER-iPhone racoon[3120] <Info>: [3120] INFO: fe80::129a:ddff:fe27:d1a9%en0[500] used as isakmp port (fd=9)
Apr 14 22:17:14 USER-iPhone racoon[3120] <Info>: [3120] INFO: ::1[500] used as isakmp port (fd=10)
Apr 14 22:17:14 USER-iPhone racoon[3120] <Info>: [3120] INFO: 127.0.0.1[500] used as isakmp port (fd=11)
Apr 14 22:17:14 USER-iPhone racoon[3120] <Info>: [3120] INFO: fe80::1%lo0[500] used as isakmp port (fd=12)
Apr 14 22:17:15 USER-iPhone racoon[3120] <Info>: [3120] INFO: racoon shutdown