
Apple iPod Touch and iPhone - How to setup a personal VPN


How I do it:

Many modern routers support creating a VPN directly on their hardware using PPTP or L2TP, most notably D-Link; on Linksys hardware I found you have to load DD-WRT or Tomato. But in my case I didn't want to be tied to a hardware solution, so I implemented this using my main Linux server at home.

I also wanted true IPSec security, but according to Apple the current firmware versions for the iPhone and iPod Touch cannot support this. Also not available, sadly, is SSL VPN, so your flexibility is limited (this means the easy-to-set-up OpenVPN is out). And since I detest the buggy and less secure Microsoft-designed PPTP and need a machine-to-machine VPN anyway, that really leaves only one option: L2TP to a Linux server behind my firewall at home.

L2TP has two options: "Gateway mode", where the remote gateway is used and ALL traffic goes down the tunnel, or "Split" mode, where only traffic destined for the private net is tunneled. The latter (Split) is less secure (you're effectively making the L2TP client part of the perimeter) but means extraneous activity doesn't consume tunnel bandwidth. If your clients are in the hands of trustworthy, intelligent users not running as admin, split mode may be the best option. In this case, since I am the sole user and owner of the connection, I opt for Split mode.

According to

The i* devices (iPhone and iPod Touch) support L2TP/IPSec with Shared Secret authentication (a.k.a. password), and since I cannot afford nor want expensive (and closed) security hardware such as an RSA SecurID or Cisco CRYPTOCard token, that leaves me with (again) broken CHAP for user authentication. I will go with machine-to-machine password security. This is a risk, particularly if I lose the iPod. However, again I am the sole user and owner of the connection and the iPod, and I can change the password remotely via alternative host-based access methods I possess elsewhere, so I will accept this risk. Note that the steps I am giving you here really should NOT be used for an enterprise (or for uncontrolled shared use; a family or close-knit trusted group might be acceptable), and in my opinion the iPhone, since it still does not support true IPsec (at least as of firmware 2.1), does not make a suitable VPN client.

iPhone supports the following configurations of the PPTP and L2TP/IPSec protocols for VPN (Virtual Private Networks):

* L2TP/IPSec with Shared Secret + MSCHAPv2

iPhone does not support:

* Pure IPSec
* IPSec Machine Certificates
* PPP User Certificates or SmartCard (EAP-TLS)
* L2TP/IPSec Kerberos Authentication Token
* RSA-SecurID (EAP-RSA) Authentication Token

iPhone and iPod touch Manuals:

iPhone and iPod touch Enterprise Deployment Guide:

Now the Linux server software:

Based on the above needs I chose OpenSWAN (previously FreeS/WAN).

I installed OpenSWAN on a Gentoo 2008 server in my home, but any distribution will work (I will leave exactly how to install OpenSWAN on your particular distribution to a Google search).


.... coming soon
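What the server side of the choice made above (L2TP over IPsec with a shared secret for the machine, MSCHAPv2 for the user, split mode) typically looks like on Openswan, as an added example: this is not the wiki author's configuration and not Openswan's or Apple's documentation. It assumes xl2tpd as the L2TP daemon and pppd for the PPP layer (the page names only Openswan), and every address, user name and secret in it is a constructed placeholder. The pppd options also show where the split/gateway decision from the earlier paragraph lives on the server: `nodefaultroute` plus `proxyarp` are all split mode needs, whereas gateway mode would additionally require IP forwarding and NAT for the clients' Internet traffic.

```shell
#!/bin/sh
# Added example, not the wiki author's configuration: writes the files an
# L2TP/IPsec setup with a pre-shared key (IKE) and MSCHAPv2 (PPP) typically
# needs on a Linux server running Openswan, assuming xl2tpd and pppd.
# Every value below is a constructed placeholder; adapt it to your network.
SERVER_IP="203.0.113.10"                 # public address the iPod connects to
LAN_NET="192.168.1.0/24"                 # home LAN reachable through the tunnel
L2TP_LOCAL_IP="192.168.1.254"            # server end of the PPP link
L2TP_POOL="192.168.1.200-192.168.1.210"  # addresses handed to VPN clients
LAN_DNS="192.168.1.1"
PSK="REPLACE-WITH-LONG-RANDOM-SHARED-SECRET"
VPN_USER="ipod"
VPN_PASS="REPLACE-WITH-STRONG-PASSWORD"

# Write the config tree under $1 ("/" for the live system, or a staging
# directory to review first).  The two secrets files get mode 0600.
write_l2tp_ipsec_configs() {
    root="${1%/}"
    mkdir -p "$root/etc/ppp" "$root/etc/xl2tpd"
    # Openswan: shared-secret IKE in transport mode, protecting only UDP/1701
    # (L2TP).  The NAT conn matches an iPod behind a hotspot router; the home
    # LAN is excluded from virtual_private so a client cannot claim it.
    cat > "$root/etc/ipsec.conf" <<EOF
config setup
    nat_traversal=yes
    virtual_private=%v4:10.0.0.0/8,%v4:172.16.0.0/12,%v4:192.168.0.0/16,%v4:!$LAN_NET
    protostack=netkey

conn L2TP-PSK-NAT
    rightsubnet=vhost:%priv
    also=L2TP-PSK-noNAT

conn L2TP-PSK-noNAT
    authby=secret
    pfs=no
    auto=add
    rekey=no
    type=transport
    left=$SERVER_IP
    leftprotoport=17/1701
    right=%any
    rightprotoport=17/%any
    dpddelay=40
    dpdtimeout=130
    dpdaction=clear
EOF
    # The machine-to-machine shared secret the page describes; rotate it
    # (and the PPP password) if the device is lost.
    cat > "$root/etc/ipsec.secrets" <<EOF
$SERVER_IP %any: PSK "$PSK"
EOF
    # xl2tpd: no unauthenticated sessions, PAP refused outright.
    cat > "$root/etc/xl2tpd/xl2tpd.conf" <<EOF
[lns default]
ip range = $L2TP_POOL
local ip = $L2TP_LOCAL_IP
require chap = yes
refuse pap = yes
require authentication = yes
name = l2tpd
pppoptfile = /etc/ppp/options.xl2tpd
length bit = yes
EOF
    # pppd: MSCHAPv2 only.  nodefaultroute + proxyarp are all the server needs
    # for split mode; gateway mode would also need forwarding plus NAT.
    cat > "$root/etc/ppp/options.xl2tpd" <<EOF
ipcp-accept-local
ipcp-accept-remote
ms-dns $LAN_DNS
noccp
auth
mtu 1280
mru 1280
nodefaultroute
proxyarp
refuse-pap
refuse-chap
refuse-mschap
require-mschap-v2
EOF
    # PPP user credentials; the server column must equal "name" in xl2tpd.conf.
    cat > "$root/etc/ppp/chap-secrets" <<EOF
# client   server   secret         IP addresses
$VPN_USER  l2tpd    "$VPN_PASS"    *
EOF
    chmod 600 "$root/etc/ipsec.secrets" "$root/etc/ppp/chap-secrets"
}

# Check a written tree: weak PPP methods stay refused, secrets stay private.
check_l2tp_ipsec_configs() {
    root="${1%/}"
    opts="$root/etc/ppp/options.xl2tpd"
    grep -qx 'refuse-pap' "$opts" && grep -qx 'require-mschap-v2' "$opts" || return 1
    grep -q '^refuse pap = yes' "$root/etc/xl2tpd/xl2tpd.conf" || return 1
    for f in "$root/etc/ipsec.secrets" "$root/etc/ppp/chap-secrets"; do
        [ "$(ls -l "$f" | cut -c8)" = "-" ] || return 1   # no world-read bit
    done
}

if [ "$#" -ge 1 ]; then
    write_l2tp_ipsec_configs "$1" && check_l2tp_ipsec_configs "$1" && echo "written under $1"
fi
```

Run it with a staging directory first (`sh l2tp-ipsec.sh /tmp/vpn-staging`), review the generated files, then copy them into `/etc` and restart Openswan and xl2tpd. The check function encodes the two things worth verifying after any later edit: that PAP, CHAP and MSCHAPv1 remain refused so only MSCHAPv2 is negotiated, and that neither secrets file is world-readable. As the page says, MSCHAPv2 is the weak link, so the PPP password and the IPsec PSK are the two values to make long and random and to rotate if the iPod goes missing.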



Kevin's Public Wiki maintained and created by Kevin P. Inscoe is licensed under a
Creative Commons Attribution 3.0 United States License.

Page last modified on April 03, 2012, at 12:55 PM EST