...if my network guy should investigate getting us set up with PPTP VPN instead, is that more secure? better??...
FYI: [Comparing VPN Options|http://www.windowsecurity.com/articles/VPN-Options.html] gives an overview of the different VPN protocols.
If you're using IPSec, then I wouldn't recommend going to PPTP. PPTP is considered less secure than the other protocols (although that has been improved), and in my experience, PPTP often fails because many routers can't pass through PPTP correctly, yet IPSec would work on the same router. For example, the situation would be you can connect over PPTP at home so you think everything is working, but you can't connect from the hotel's free Wi-Fi. You don't have control over the type of router at the hotel, so now you're stuck. The need for VPN is greater at the hotel than at home, so if you're a road warrior, not being able to know if you'll be able to connect the VPN is often a deal-breaker.
BTW to all: my iPad on 4.3 works fine on all VPN protocols, so unfortunately I can't help much because it's all working.
What I haven't seen much on this thread is mention of the VPN endpoint equipment used. (a.k.a. the VPN server you're connecting to.) I see one person post that it's successful to a Cisco ASA box. I've often had issues with connecting to "cheap" VPN endpoints. (The ASA box is definitely NOT cheap.) IOW, changing the VPN endpoint was the solution. Obviously that's not going to be acceptable to everyone, but just pointing out that everyone saying "doesn't work" without other details and just trying the same things over and over doesn't really help Apple much to fix things. But if Apple gets thousands of calls saying that the iPad is not connecting to the really expensive ASA5000 boxes… 😉
Note for anyone connecting through Linksys home routers: most of them can only handle ONE VPN tunnel at a time. (Inbound or outbound.) So if you've got your Mac connected to the VPN for testing, you won't be able to connect a second VPN tunnel. (IOW, disconnect all VPN tunnels first, then try connecting with your iPad or whatever device.) And this appears to be true for the built-in router of the Westell 6100 DSL modem. Changing to bridged instead of routed bridge will allow for multiple tunnels. (Obviously you need to then install your own router or firewall.) I found both of these out the hard way with clients yelling over the phone. 😟
So here is what I have:
iPad1, 64GB, AT&T 3G, iOS 4.3 (8F190)
PPTP endpoint:
Cisco Linksys RV042 (firmware 1.3.12.19) over Toshiba Cable modem (I don't have model of Toshiba at the moment.)
L2TP endpoint:
Windows 2003r2 server, NATed through above RV042 over Toshiba cable modem
IPSec endpoint:
Cisco ASA5510 (Cisco IOS 8.3) connected over Time Warner T1.
Connection to all three of the VPN endpoints works over iPad1's AT&T 3G in Honolulu, HI.
Remote Wi-Fi:
Westell 6100 DSL modem
D-Link DIR825 Wi-Fi Router (Hardware Version: B1, Firmware: 2.02NA)
iPad connects to all three VPNs, with iOS 4.2 and 4.3. No changes were made to any of the VPN or networking equipment when iOS was updated from 4.2 to 4.3.
Also, I use a MacBook Pro (Penryn 2008) to connect to the VPNs using the built-in OSX VPN client. All worked on 10.6.5, 10.6.6 and 10.6.7, over both wired and wireless through the above D-Link DIR825. (That info is for some of the other threads where people say 10.6.7 "broke" OSX's VPN.)
Also tested at another location with an Apple AirPort Extreme (7.5.2) over Toshiba cable modem. Both Mac and iPad connect to all three VPNs, although I did not test this location with anything prior to OSX 10.6.7 & iOS 4.3.
So IMHO if you really want to get this fixed, then give Apple more info to go on. I'm assuming that Apple tested on the "enterprise grade" VPNs (a.k.a.: the expensive ones) but wouldn't have tested with every possible combination of equipment and especially not every "consumer" and "open source" VPNs. (a.k.a.: the cheap stuff.) Thus my success with connecting to Cisco and Windows Server endpoints, particularly through the D-Link DIR-825, which was on the upper end of D-Link's "consumer grade" routers, rather than the low end.
Again, while I can't help much, all I can suggest is everyone do a detailed audit of their hardware models, firmware and software versions. "I have exactly the same thing" is very often NOT true. And while I am not trying to dismiss anyone's problems and frustrations, I will say that troubleshooting VPNs is very difficult because you tend to need access to the equipment and logs on BOTH sides, which is often not possible since you normally have to be away from the office to test the VPN (or you're having to deal with this over the phone and can't see the logs, etc… just like the Apple technical support person you're talking to. 😉 )