
Anav (Sarcastic Llama? Naw, Just Acerbic), Premium, join:2001-07-16, Dartmouth, NS

USG and Iphone with IOS 5.0 »www.zyxel.se/upload/doc/support/···aper.pdf
1. With regard to IPSEC (L2TP) has anything significantly changed/improved since IOS 3.x to build upon the most excellent above reference?? Especially since the change from 3 to 4 caused such a large shitstorm.
Two questions I have in the last instruction (5) - i. Why would you select route all internet traffic out through your router --> Iphone Option ON (send all traffic)??
I guess what I need to clarify is the following. If you turn this selection off (and want then split-tunneling) then standard internet traffic goes thru cellular ISP. If you turn selection on, all internet traffic goes through USG first then to internet.
ii. Assuming that in both cases to access one's HOME LAN you have to enter in the URL of the router itself (using dyndns name for example)????
As a follow on, wouldn't it be prudent not to have the security key or password entered into the Iphone, ie better to have to enter it manually each time when required (in case you lose your phone......)??
-- Ain't nuthin but the blues! "Albert Collins". Leave your troubles at the door! "Pepe Peregil" De Sevilla. Just Don't Wifi without WPA, "Yul Brenner"

jdmt, Premium, join:2002-05-06, Seattle, WA

Hey Anav,
I don't have a lot of answers to your specific questions, but thought I'd chime in on this. I did get this working on my iOS 5.0.1 iPhone, however, it feels like a beta effort still...
While it works, I found that when you disconnect from the iPhone, the remote connection on the USG stays open for the duration of the timeout period, or longer, therefore tying up one of the 2 L2TP connections. I have to log into the USG to manually disconnect.
A cool potential use case for me would be to be able to sync the iPhone with a machine on the LAN over L2TP. While you can create and use an address pool on the LAN segment in your L2TP Connection entry, it won't pass traffic. You have to use some separate arbitrary subnet/range - unfortunately, iTunes Sync requires both client and host to be on the same subnetwork.
I have a bunch of Site-Site VPN connections defined and one other thing I'm dealing with is that when the Default_L2TP connection is active, none of my other VPN endpoints can connect. I get "No SA Proposal Chosen" in phase 2. Phase 1 still works, but no connections. I have to disable the L2TP connection policy and *reboot* to get everything else working. I have a ticket open with Tech Support on that.
Anyone else experience anything similar?
Finally, on the authentication credentials, while the L2TP Secret is mandatory in the config, the password can be left blank, which will force the user to enter their credentials each connect. Seems secure enough that way - the Secret and Password are encrypted and can be configured using an iOS policy.
Send all traffic could be useful if you want to leverage the content filter and other rules and tools on the USG.

Anav, Premium, join:2001-07-16, Dartmouth, NS

Okay understand send all traffic.
Okay like the idea of password blank forcing entry each time.
Finally I am wondering if people have found any value of an iphone to LAN L2TP connection wrt looking at files on the puter. Not concerned with iphart or itunes etc, but simply getting access to a picture, a word file, a video clip etc...... I am thinking of an L2TP connection straight to one computer on the LAN.

jdmt, Premium, join:2002-05-06, Seattle, WA

With the default config, you basically have free and open access to the LAN, or at least if that's how you've configured the IPSec VPN Zone to act. So, with the appropriate client, you can browse files etc easily.