VPN Configuration Profiles iOS4

Just installed iOS4 on my 3GS. I use configuration profiles (created with iPhone Configuration Utility 2.2) to set up my VPN and WIFI settings for two locations I go back and forth between (aka Home & Work). The WIFI profiles seem to be working fine, signing on to the WIFI network at each location just as they're supposed to; however, the VPN profiles don't seem to be working. I recreated the profiles and reinstalled them on the phone but the VPN toggle never shows up and no configurations are listed under "General > Network > VPN". I have reset the network settings and forcefully rebooted the phone to no avail. iOS4 bug?

iPhone 3GS 32GB, iOS 4

Posted on Jun 21, 2010 10:50 PM

53 replies

Jun 22, 2010 1:56 AM in response to Patrick Cummings

Same problems here with VPN.
I use a VigorPRO 5510 router at the job and have used an L2TP over IPSec configuration on my iPhone. It worked well all the time on my 3.1.3 install. Now that I've updated to 4.0, it doesn't work anymore.
Recreated the profile of the VPN. Restarted the router at my job.
When I try from my iMac the VPN works well.

The error on my iPhone is: "The L2TP-VPN server did not respond. Try reconnecting. If the problem continues, verify your settings and contact your Administrator."

Jun 22, 2010 9:00 AM in response to Davethenetworkguy

Same problem.
I recently upgraded to iOS4 on my iPhone 3GS. Prior to the upgrade my VPN connection to Sonicwall NSA3500 thru L2TP implementation was working great; however, after the upgrade L2TP stopped connecting with the following messages:
IKE Responder: ESP encryption algorithm does not match
IKE Responder: IPSec proposal does not match (Phase 2)

Cannot get it to connect!

Jun 22, 2010 11:19 AM in response to Davethenetworkguy

I gathered a console log using the iPhone Configuration Utility (http://www.apple.com/support/iphone/enterprise/) to update my bug report.

Here is my log:

Tue Jun 22 10:58:34 unknown configd[25] <Debug>: CaptiveNetworkSupport:UIAllowedNotifyCallback:70 uiallowed: false
Tue Jun 22 10:58:35 unknown profiled[550] <Warning>: profiled|Service stopping.
Tue Jun 22 10:58:38 unknown configd[25] <Notice>: IPSec connecting to server vpn.mycompany.com
Tue Jun 22 10:58:38 unknown configd[25] <Notice>: SCNC: start, triggered by Preferences, type IPSec, status 0
Tue Jun 22 10:58:41 unknown configd[25] <Notice>: IPSec Phase1 starting.
Tue Jun 22 10:58:41 unknown racoon[569] <Info>: [569] INFO: *** racoon started: pid=569 started by: 1
Tue Jun 22 10:58:41 unknown racoon[569] <Info>: [569] INFO: @(#) racoon / IPsec-tools
Tue Jun 22 10:58:41 unknown racoon[569] <Info>: [569] INFO: @(#)This product linked OpenSSL 0.9.7l 28 Sep 2006 ( http://www.openssl.org/)
Tue Jun 22 10:58:41 unknown racoon[569] <Info>: [569] INFO: Reading configuration from "/etc/racoon/racoon.conf"
Tue Jun 22 10:58:41 unknown racoon[569] <Info>: [569] WARNING: /var/run/racoon/1.1.1.1.conf:14: "support_mip6" it is obsoleted. use "support_proxy".
Tue Jun 22 10:58:41 unknown racoon[569] <Info>: [569] INFO: racoon launched by launchd.
Tue Jun 22 10:58:41 unknown racoon[569] <Info>: [569] INFO: 10.32.193.226[500] used as isakmp port (fd=7)
Tue Jun 22 10:58:41 unknown racoon[569] <Info>: [569] INFO: 10.32.193.226[4500] used as isakmp port (fd=8)
Tue Jun 22 10:58:41 unknown racoon[569] <Info>: [569] INFO: 127.0.0.1[500] used as isakmp port (fd=9)
Tue Jun 22 10:58:41 unknown racoon[569] <Info>: [569] INFO: 127.0.0.1[4500] used as isakmp port (fd=10)
Tue Jun 22 10:58:41 unknown racoon[569] <Info>: [569] INFO: fe80::1%lo0[500] used as isakmp port (fd=11)
Tue Jun 22 10:58:41 unknown racoon[569] <Info>: [569] INFO: fe80::1%lo0[4500] used as isakmp port (fd=12)
Tue Jun 22 10:58:41 unknown racoon[569] <Info>: [569] INFO: ::1[500] used as isakmp port (fd=13)
Tue Jun 22 10:58:41 unknown racoon[569] <Info>: [569] INFO: ::1[4500] used as isakmp port (fd=14)
Tue Jun 22 10:58:41 unknown racoon[569] <Info>: [569] INFO: found launchd socket.
Tue Jun 22 10:58:41 unknown racoon[569] <Info>: [569] NOTIFY: accepted connection on vpn control socket.
Tue Jun 22 10:58:41 unknown racoon[569] <Info>: [569] INFO: accept a request to establish IKE-SA: 1.1.1.1
Tue Jun 22 10:58:41 unknown racoon[569] <Notice>: IPSec connecting to server 1.1.1.1
Tue Jun 22 10:58:41 unknown racoon[569] <Info>: [569] INFO: initiate new phase 1 negotiation: 10.32.193.226[500]<=>1.1.1.1[500]
Tue Jun 22 10:58:41 unknown racoon[569] <Info>: [569] INFO: begin Identity Protection mode.
Tue Jun 22 10:58:41 unknown racoon[569] <Notice>: IPSec Phase1 started (Initiated by me).
Tue Jun 22 10:58:41 unknown sandboxd[570] <Notice>: racoon(569) deny network-outbound /private/var/tmp/launchd/sock
Tue Jun 22 10:58:41 unknown racoon[569] <Info>: [569] ERROR: delete phase1 handle.
Tue Jun 22 10:58:41 unknown kernel[0] <Debug>: launchd[569] Builtin profile: racoon (sandbox)
Tue Jun 22 10:58:45 unknown racoon[569] <Info>: [569] ERROR: delete phase1 handle.
Tue Jun 22 10:58:47 unknown racoon[569] <Info>: [569] ERROR: delete phase1 handle.
Tue Jun 22 10:58:50 unknown racoon[569] <Info>: [569] ERROR: delete phase1 handle.
Tue Jun 22 10:58:51 unknown configd[25] <Notice>: IPSec disconnecting from server 1.1.1.1
Tue Jun 22 10:58:51 unknown racoon[569] <Notice>: IPSec disconnecting from server 1.1.1.1
Tue Jun 22 10:58:51 unknown racoon[569] <Info>: [569] WARNING: in purgephXbydstaddrwop... purging phase1 and related phase2s
Tue Jun 22 10:58:51 unknown racoon[569] <Info>: [569] INFO: ISAKMP-SA expired 10.32.193.226[500]-1.1.1.1[500] spi:010f91bbfec17b66:0000000000000000
Tue Jun 22 10:58:51 unknown racoon[569] <Info>: [569] WARNING: glob found no matches for path "/var/run/racoon/*.conf"
Tue Jun 22 10:58:51 unknown racoon[569] <Info>: [569] INFO: 10.32.193.226[500] used as isakmp port (fd=7)
Tue Jun 22 10:58:51 unknown racoon[569] <Info>: [569] INFO: 127.0.0.1[500] used as isakmp port (fd=8)
Tue Jun 22 10:58:51 unknown racoon[569] <Info>: [569] INFO: fe80::1%lo0[500] used as isakmp port (fd=9)
Tue Jun 22 10:58:51 unknown racoon[569] <Info>: [569] INFO: ::1[500] used as isakmp port (fd=10)
Tue Jun 22 10:58:52 unknown racoon[569] <Info>: [569] INFO: racoon shutdown

[BTW vpn.mycompany.com and 1.1.1.1 are not the real name and address]

The server, a Cisco ASA, logs "%ASA-3-713048: Error processing payload: Payload ID: id".

Jun 22, 2010 11:25 AM in response to Patrick Cummings

I have unconfirmed tips that changing the encryption on the VPN server (at least this supposedly works for L2TP connections) to AES-128 resolves the issue. FWIW, I'm using 3DES. Here are my logs from the iPhone Configuration Utility:

FYI, here's what's happening on the iPhone side:

Tue Jun 22 12:11:03 iPhone configd[25] : SCNC: start, triggered by Preferences, type L2TP, status 0
Tue Jun 22 12:11:03 iPhone configd[25] : .934 (+35.687) SCDynamicStore "network" notification
Tue Jun 22 12:11:03 iPhone configd[25] : .996 (+0.061) SCDynamicStore "network" notification
Tue Jun 22 12:11:04 iPhone pppd[1692] : pppd 2.4.2 (Apple version 486) started by mobile, uid 501
Tue Jun 22 12:11:04 iPhone configd[25] : .196 (+0.199) SCDynamicStore "network" notification
Tue Jun 22 12:11:04 iPhone configd[25] : .252 (+0.056) SCDynamicStore "network" notification
Tue Jun 22 12:11:04 iPhone configd[25] : .312 (+0.059) SCDynamicStore "network" notification
Tue Jun 22 12:11:04 iPhone pppd[1692] : L2TP connecting to server 'x.x.x.x' (x.x.x.x)...
Tue Jun 22 12:11:04 iPhone pppd[1692] : IPSec connection started
Tue Jun 22 12:11:04 iPhone racoon[1693] : [1693] INFO: *** racoon started: pid=1693 started by: 1
Tue Jun 22 12:11:04 iPhone racoon[1693] : [1693] INFO: @(#) racoon / IPsec-tools
Tue Jun 22 12:11:04 iPhone racoon[1693] : [1693] INFO: @(#)This product linked OpenSSL 0.9.7l 28 Sep 2006 ( http://www.openssl.org/)
Tue Jun 22 12:11:04 iPhone racoon[1693] : [1693] INFO: Reading configuration from "/etc/racoon/racoon.conf"
Tue Jun 22 12:11:04 iPhone racoon[1693] : [1693] WARNING: /var/run/racoon/x.x.x.x.conf:9: "support_mip6" it is obsoleted. use "support_proxy".
Tue Jun 22 12:11:04 iPhone racoon[1693] : [1693] INFO: racoon launched by launchd.
Tue Jun 22 12:11:04 iPhone sandboxd[1694] : racoon(1693) deny network-outbound /private/var/tmp/launchd/sock
Tue Jun 22 12:11:04 iPhone racoon[1693] : [1693] INFO: 10.16.4.171[500] used as isakmp port (fd=7)
Tue Jun 22 12:11:04 iPhone racoon[1693] : [1693] INFO: 10.16.4.171[4500] used as isakmp port (fd=8)
Tue Jun 22 12:11:04 iPhone racoon[1693] : [1693] INFO: 127.0.0.1[500] used as isakmp port (fd=9)
Tue Jun 22 12:11:04 iPhone racoon[1693] : [1693] INFO: 127.0.0.1[4500] used as isakmp port (fd=10)
Tue Jun 22 12:11:04 iPhone racoon[1693] : [1693] INFO: fe80::1%lo0[500] used as isakmp port (fd=11)
Tue Jun 22 12:11:04 iPhone racoon[1693] : [1693] INFO: fe80::1%lo0[4500] used as isakmp port (fd=12)
Tue Jun 22 12:11:04 iPhone racoon[1693] : [1693] INFO: ::1[500] used as isakmp port (fd=13)
Tue Jun 22 12:11:04 iPhone racoon[1693] : [1693] INFO: ::1[4500] used as isakmp port (fd=14)
Tue Jun 22 12:11:04 iPhone racoon[1693] : [1693] INFO: found launchd socket.
Tue Jun 22 12:11:04 iPhone racoon[1693] : [1693] NOTIFY: accepted connection on vpn control socket.
Tue Jun 22 12:11:04 iPhone racoon[1693] : [1693] INFO: IPsec-SA request for x.x.x.x queued due to no phase1 found.
Tue Jun 22 12:11:04 iPhone racoon[1693] : [1693] INFO: initiate new phase 1 negotiation: 10.16.4.171[500]<=>x.x.x.x[500]
Tue Jun 22 12:11:04 iPhone racoon[1693] : [1693] INFO: begin Identity Protection mode.
Tue Jun 22 12:11:04 iPhone racoon[1693] : IPSec Phase1 started (Initiated by me).
Tue Jun 22 12:11:05 iPhone kernel[0] : launchd[1693] Builtin profile: racoon (sandbox)
Tue Jun 22 12:11:05 iPhone racoon[1693] : [1693] INFO: received Vendor ID: RFC 3947
Tue Jun 22 12:11:05 iPhone racoon[1693] : [1693] INFO: Selected NAT-T version: RFC 3947
Tue Jun 22 12:11:05 iPhone racoon[1693] : [1693] INFO: Hashing x.x.x.x[500] with algo #2
Tue Jun 22 12:11:05 iPhone racoon[1693] : [1693] INFO: Hashing 10.16.4.171[500] with algo #2
Tue Jun 22 12:11:05 iPhone racoon[1693] : [1693] INFO: Adding remote and local NAT-D payloads.
Tue Jun 22 12:11:05 iPhone racoon[1693] : [1693] INFO: NAT-D payload #0 doesn't match
Tue Jun 22 12:11:05 iPhone racoon[1693] : [1693] INFO: NAT-D payload #1 verified
Tue Jun 22 12:11:05 iPhone racoon[1693] : [1693] INFO: received Vendor ID: draft-ietf-ipsra-isakmp-xauth-06.txt
Tue Jun 22 12:11:05 iPhone racoon[1693] : [1693] INFO: received Vendor ID: DPD
Tue Jun 22 12:11:05 iPhone racoon[1693] : [1693] INFO: NAT detected: ME
Tue Jun 22 12:11:06 iPhone racoon[1693] : [1693] INFO: ISAKMP-SA established 10.16.4.171[4500]-x.x.x.x[4500] spi:799785f0ca7b5cb0:9a6b454c3a130ab0
Tue Jun 22 12:11:06 iPhone racoon[1693] : IPSec Phase1 established (Initiated by me).
Tue Jun 22 12:11:06 iPhone racoon[1693] : [1693] INFO: initiate new phase 2 negotiation: 10.16.4.171[4500]<=>x.x.x.x[4500]
Tue Jun 22 12:11:06 iPhone racoon[1693] : IPSec Phase2 started (Initiated by me).
Tue Jun 22 12:11:06 iPhone racoon[1693] : [1693] INFO: NAT detected -> UDP encapsulation (ENC_MODE 2->4).
Tue Jun 22 12:11:06 iPhone racoon[1693] : [1693] ERROR: fatal NO-PROPOSAL-CHOSEN notify messsage, phase1 should be deleted.
Tue Jun 22 12:11:06 iPhone racoon[1693] : [1693] ERROR: Message: 'l No proposal is chosen'.
Tue Jun 22 12:11:19 iPhone racoon[1693] : [1693] ERROR: fatal NO-PROPOSAL-CHOSEN notify messsage, phase1 should be deleted.
Tue Jun 22 12:11:19 iPhone racoon[1693] : [1693] ERROR: Message: 'l No proposal is chosen'.
Tue Jun 22 12:11:36 iPhone pppd[1692] : IPSec connection failed
Tue Jun 22 12:11:36 iPhone racoon[1693] : [1693] ERROR: x.x.x.x give up to get IPsec-SA due to time up to wait.
Tue Jun 22 12:11:36 iPhone configd[25] : .218 (+31.906) SCDynamicStore "network" notification
Tue Jun 22 12:11:36 iPhone configd[25] : .252 (+0.033) SCDynamicStore "network" notification
Tue Jun 22 12:11:36 iPhone configd[25] : .266 (+0.013) SCDynamicStore "network" notification
Tue Jun 22 12:11:36 iPhone configd[25] : .333 (+0.066) SCDynamicStore "network" notification
Tue Jun 22 12:11:36 iPhone racoon[1693] : [1693] WARNING: glob found no matches for path "/var/run/racoon/*.conf"
Tue Jun 22 12:11:36 iPhone racoon[1693] : [1693] INFO: 10.16.4.171[500] used as isakmp port (fd=7)
Tue Jun 22 12:11:36 iPhone racoon[1693] : [1693] INFO: 127.0.0.1[500] used as isakmp port (fd=8)
Tue Jun 22 12:11:36 iPhone racoon[1693] : [1693] INFO: fe80::1%lo0[500] used as isakmp port (fd=9)
Tue Jun 22 12:11:36 iPhone racoon[1693] : [1693] INFO: ::1[500] used as isakmp port (fd=10)
Tue Jun 22 12:11:36 iPhone configd[25] : .371 (+0.038) SCDynamicStore "network" notification
Tue Jun 22 12:11:36 iPhone configd[25] : .400 (+0.028) SCDynamicStore "network" notification
Tue Jun 22 12:11:36 iPhone pppd[1692] : Exit.

Jun 23, 2010 8:27 AM in response to Patrick Cummings

I was already using AES-128 or better so that was not the issue for me.

I turned on debug logging on my VPN server and dug into this.

*The problem lies in using a configuration profile from iPCU.*

If I load a configuration profile created with iPCU 2.2 it does not work. If I manually enter the same VPN information thru the phone itself, the VPN connection works as expected.

This is what I saw when watching the debug logs on the VPN server (Cisco ASA).
I am using a group/pre-shared key for the machine authentication part of the VPN setup. With a group/pre-shared key, the client should request an Aggressive Mode IKE negotiation. Using the config profile from iPCU 2.x on an iOS 4.0 phone, this does not happen; it does a Main Mode, which in Cisco's case it rejects, which is the expected result.

If I use the exact same profile on an iOS 3.1.x phone it does Aggressive and succeeds. If I manually enter the same VPN settings on an iOS 4.0 phone, it uses Aggressive mode and succeeds.

My conclusion is that iOS 4.0 phones do not read the configuration profile correctly.
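
The two console logs posted in this thread can be triaged mechanically for the IKE phase 1 exchange mode and the stage at which racoon gave up. The script below is an added example, not code from any poster or from Apple; the `triage` function and its verdict strings are hypothetical, and the sample lines are excerpted from the logs above.

```python
import re

# racoon names the phase 1 exchange it starts; "Identity Protection" is IKEv1 Main Mode.
MODE_RE = re.compile(r"INFO: begin (Identity Protection|Aggressive) mode\.")
MODE_NAMES = {"Identity Protection": "main", "Aggressive": "aggressive"}

# Lines excerpted from the two console logs posted in this thread.
CISCO_IPSEC_LOG = """\
Tue Jun 22 10:58:41 unknown racoon[569] <Info>: [569] INFO: initiate new phase 1 negotiation: 10.32.193.226[500]<=>1.1.1.1[500]
Tue Jun 22 10:58:41 unknown racoon[569] <Info>: [569] INFO: begin Identity Protection mode.
Tue Jun 22 10:58:41 unknown racoon[569] <Info>: [569] ERROR: delete phase1 handle.
Tue Jun 22 10:58:51 unknown configd[25] <Notice>: IPSec disconnecting from server 1.1.1.1
"""
L2TP_LOG = """\
Tue Jun 22 12:11:04 iPhone racoon[1693] : [1693] INFO: begin Identity Protection mode.
Tue Jun 22 12:11:06 iPhone racoon[1693] : [1693] INFO: ISAKMP-SA established 10.16.4.171[4500]-x.x.x.x[4500] spi:799785f0ca7b5cb0:9a6b454c3a130ab0
Tue Jun 22 12:11:06 iPhone racoon[1693] : [1693] INFO: initiate new phase 2 negotiation: 10.16.4.171[4500]<=>x.x.x.x[4500]
Tue Jun 22 12:11:06 iPhone racoon[1693] : [1693] ERROR: fatal NO-PROPOSAL-CHOSEN notify messsage, phase1 should be deleted.
Tue Jun 22 12:11:36 iPhone pppd[1692] : IPSec connection failed
"""

def triage(log_text):
    """Summarise one racoon connection attempt from an iPCU console log."""
    result = {"mode": None, "phase1_up": False, "phase2_started": False,
              "verdict": "unknown"}
    for line in log_text.splitlines():
        if "racoon[" not in line:
            continue  # ignore configd, pppd, sandboxd and kernel lines
        m = MODE_RE.search(line)
        if m:
            result["mode"] = MODE_NAMES[m.group(1)]
        elif "ISAKMP-SA established" in line:
            result["phase1_up"] = True
        elif "initiate new phase 2 negotiation" in line:
            result["phase2_started"] = True
        elif "NO-PROPOSAL-CHOSEN" in line and result["phase2_started"]:
            result["verdict"] = "phase2 proposal rejected by server"
        elif "delete phase1 handle" in line and not result["phase1_up"]:
            result["verdict"] = "phase1 failed in %s mode" % (result["mode"] or "unknown")
    if result["verdict"] == "unknown" and result["phase1_up"]:
        result["verdict"] = "phase1 ok"
    return result

if __name__ == "__main__":
    for name, log in (("Cisco IPSec", CISCO_IPSEC_LOG), ("L2TP", L2TP_LOG)):
        print(name, triage(log))
```

On these excerpts the Cisco IPSec attempt fails during a Main Mode phase 1, while the L2TP attempt completes phase 1 and is rejected at the phase 2 proposal.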
