VPN on the iPhone

So a friend and I were looking at what was to come with the iPhone SDK. He’s recently started looking for a new phone, and he finds that the ability to VPN would be a preferable feature.

At the moment, he’s been using Hamachi and OpenVPN, but as we were looking through the iPhone settings we only found L2TP and PPTP.

So he hacked up a quick L2TP/IPSec VPN and gave me the details. Of course, it didn’t work. So he started fooling around with settings.

Eventually, when it still wasn’t working, we tried connecting to it from just his MacBook. Because the iPhone and the MacBook have the “same” networking, it might make sense to try with a proper machine.

So he tries it. Following this, OpenVPN died as did Hamachi. So after some scrambling through backdoors, we managed to get OpenVPN and Hamachi back up.

So we could see the logs changing in real time. Seeing it go through the IPSec and then being passed over to L2TP and then PPP. So we found some cryptic error messages, including “No Route To Host”.

We then started looking around Google. Turns out the “tutorial” we had followed gave us some bad settings. We found one that seemed to work and started the VPN.

It worked perfectly. I was able to access his VPN-Only webservers, and even access one of his machines in his room at university. 
To put this in perspective:

iPhone (Encrypted) —> O2 (Edge) —> His Home (Encrypted again) —> University —> Machine

The ping response to the iPhone was about 600 ms and we managed to DoS the tunnels by trying to port scan. It turns out that most of the ports on the iPhone aren’t open, so I guess that’s good.

So we try to reconnect, and the VPN fails. We look through the logs and it wasn’t apparent. 
So we waited a few minutes before trying again, and it worked perfectly again.

Basically, what happens is that when the iPhone requires “internet” access, it gets an IP from O2 who then gives it one and routes it. However, when you “disconnect” the iPhone from the internet, such as from a VPN, the route is instantly severed and the IP reclaimed.
So what was happening was that when I would disconnect, the route would be instantly severed at my end. However, the end of the tunnel at his end was still up. His machine didn’t realise I had disconnected. So there’s a time delay, while you wait for it to time out and close all the tunnels.

 

Overall, this seems to work very well and if the speed increase on the iPhone is going to occur, then it’ll be very cool to be able to route all your data through a dedicated machine. Also, you can access VPN’d web servers and mail servers.
On the whole, this is really cool. 

iPod Touch on VPN at tumble*jalada said,

August 15, 2008 @ 1:30 am

[...] I know, but this is my girlfriend’s iPod Touch (fresh with the 2.0 update) successfully on the L2TP/IPSec VPN I set up some months back to test with x5315’s iPhone, showing the Tombraider (my server) home page. At some point (probably when I get my iPhone) I will [...]

Mac Fan Boy » A VPN on an iPod Touch said,

August 16, 2008 @ 12:15 am

[...] A while ago x5315 posted about how we set up an opensource VPN on his iPhone 2G. My girlfriend recently updated her iPod Touch with the new 2.0 software, which enables VPN connectivity for them, and I couldn’t resist the opportunity to fire up the test VPN (and login with x5315’s old details!) and check it still worked, and as you can see from the above picture (depicting my server’s webserver homepage, click to enlarge). It does. [...]
