a.3) iPhone IPSec VPN Setup (user/pass)
Although these instructions are specific to an iPhone, the same process applies to any applicable iOS device, just find the equivalent items for the VPN settings.
Setup an Account-Based IPSec VPN on an iPhone
- on your iPhone, visit Settings → (General →) VPN and tap Add VPN Configuration... then tap IPSec
- enter a Description
for Server, enter either the IP address or the FQDN of the IPSec server
- this must be the IP address/FQDN of the Interface you selected for the mobile tunnel (see the VPN → IPSec → Tunnels tab and press the e button to the right of the Remote Gateway/Mobile Client entry)
- when possible, it's better to use an IP address to avoid DNS delays – however, if you're going to use certificates later on, it's important that the common name or one of the alternative names for the server certificate is the same as the server name you use here
- for Account, enter either the Username of the VPN user you previously created (in pfSense, visit System → User Manager → Users tab – e.g., "VPN" in our example)
- for Password, enter either the Password for the VPN user you previously created (in pfSense, see the System → User Manager → Users tab)
- ensure that the Use Certificate switch is turned off
- for Group Name, enter either the Group name for the VPN group you previously created (see the System → User Manager → Groups tab – e.g., "MobileVPNusers" in our example)
- for Secret, enter either the Pre-Shared Key for the mobile IPSec tunnel phase 1 you previously created (see the VPN → IPSec → Tunnels tab and press the e button to the right of the Remote Gateway/Mobile Client entry – e.g., "This is My preShared CeeKret @$^*)." in our example)
- if required, enter the information required to configure your network's Proxy
- tap Save
If you visit Settings → (General →) VPN, you should now have something like:
You should now be able to VPN onto your network via your iPhone's IPSec VPN configuration that uses a username/password.
Once this is working, if desired, you can continue to alter the IPSec VPN server setup to use certificates. This will be required if you intend to use iOS's VPN "on-demand" capabilities.
... or return to the VPN article's overview page.