Configure iPhone iOS to use an IPSec VPN tunnel and resolve reconnect issues

Following on from my post that walks through the setup of an Ubuntu-based IPSec VPN server using Openswan and Android, I've now had the chance to configure an iOS device to work with the same configuration. Read on to see how I configured an iPhone 3GS running iOS 5.0 to work with my Openswan IPSec VPN. These are the steps I used on the iPhone 3GS (iOS 5.0) to connect to the Ubuntu IPSec VPN configuration:

  1. Settings
  2. General
  3. Network
  4. VPN
  5. Add VPN Configuration:
  • Select L2TP
  • Description: any
  • Server: server address
  • Account: ubuntu username
  • RSA SecurID: off
  • Password: as per /etc/ppp/chap-secrets
  • Secret: PSK as per /etc/ipsec.secrets
  • Send All Traffic: on
  • Proxy: off

After setting up the iPhone to work with this IPSec Openswan configuration, I ran into the issue that, should the iPhone disconnect either intentionally or through a dropped tunnel, I was unable to get it to reconnect to the VPN. The only way to get the phone to reconnect was to restart the IPSec daemon on the Ubuntu server.

As Jacco points out, one problem is that Apple do not appear to send a "Delete SA" message when the device disconnects. The IPsec connection remains up on the server, so the VPN client may not be able to reconnect and reports an error. He pointed out that the problem clears only when Dead Peer Detection (DPD) times out, when the SA itself times out (if DPD is disabled), or when the Openswan daemon is restarted. For this reason it is highly recommended to enable DPD on the Openswan VPN server by adding these parameters to your Openswan configuration (suggested time-out values):

           dpddelay=40
           dpdtimeout=130
           dpdaction=clear

From my experience these lines need to be added to /etc/ipsec.conf under the connection (conn) section and not the daemon (config setup) section. Putting them before the connection section will cause Openswan to fail on restart, reporting a "confread.c:248: load_setup: Assertion `kw->keyword.keydef->validity & kv_config' failed" error in the terminal.
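As an added example (not code from the original post), here is a small Python checker that parses an ipsec.conf and reports DPD keywords that sit under config setup (the placement that triggers the assertion above) or that are missing from a conn section. The two sample configurations are constructed, and the conn name L2TP-PSK is an assumption.

```python
import re
# Openswan accepts these only inside a "conn" section; under "config setup"
# the daemon aborts with the load_setup assertion quoted above.
DPD_KEYWORDS = ("dpddelay", "dpdtimeout", "dpdaction")
SECTION_RE = re.compile(r"^(config|conn)\s+(\S+)\s*$")        # headers start at column 0
KV_RE = re.compile(r"^\s+([A-Za-z0-9_-]+)\s*=\s*(.*?)\s*$")   # parameters are indented

def parse_ipsec_conf(text):
    """Map 'config setup' / 'conn <name>' to their key=value pairs; skip comments."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()
        if not line.strip():
            continue
        header = SECTION_RE.match(line)
        if header:
            current = f"{header.group(1)} {header.group(2)}"
            sections.setdefault(current, {})
        elif current is not None and (kv := KV_RE.match(line)):
            sections[current][kv.group(1)] = kv.group(2)
    return sections

def check_dpd(text):
    """Return (misplaced, missing): DPD keys under 'config setup', and per-conn
    DPD keys still absent after applying anything set in 'conn %default'."""
    sections = parse_ipsec_conf(text)
    misplaced = sorted(k for k in sections.get("config setup", {}) if k in DPD_KEYWORDS)
    defaults = sections.get("conn %default", {})
    conns = {n: kv for n, kv in sections.items() if n.startswith("conn ") and n != "conn %default"}
    missing = {n: [k for k in DPD_KEYWORDS if k not in {**defaults, **kv}] for n, kv in conns.items()}
    return misplaced, {n: absent for n, absent in missing.items() if absent}

# Constructed sample: DPD parameters inside the conn, as recommended above.
GOOD_CONF = """\
config setup
conn L2TP-PSK
    authby=secret   # PSK from /etc/ipsec.secrets
    dpddelay=40
    dpdtimeout=130
    dpdaction=clear
"""
# Constructed sample: the same keys under "config setup", which Openswan rejects.
BAD_CONF = """\
config setup
    dpddelay=40
    dpdtimeout=130
    dpdaction=clear
conn L2TP-PSK
    authby=secret
"""
```

Run check_dpd over your own /etc/ipsec.conf before restarting the daemon; an empty result means every conn carries all three DPD settings and none of them sit in config setup.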
