iPad & VPN

I took the simple route and installed PPTPd on my Linode in London. And I've successfully connected my iPad to that VPN and surfed around, so I know it works.

If I remember correctly, I followed this tutorial (feel free to replace the "nano" commands with your editor of choice):

http://akensai.com/linode-vpn/

Thanks. I was reading pptp wasn't as secure as openvpn (i guess open on uses l2tp or whatever it is). Also some locations such as china block pptp, so wasn't sure if to use pptp, as I had come across that article you posted earlier :)

PPTP is a broken security protocol.

Originally cracked way back in 1999, with minor "fixes" over time that made it marginally "less cracked" but still not secure, and then recently totally cracked once again (via ChapCrack and other tools).

MS has no interest in maintaining MS-CHAPv2 and no security person worth there chops would even consider using it.

That said, security is always a tradeoff. How much is "good enough" depends on what you're protecting. You don't install a million dollar safe to protect a hundred thousand dollar ring.

I wouldn't go for pptp although as for alternatives, there is an article in the Linode Library about installing and configuring OpenVPN which would be a better choice over pptp.

@Serial Cookie:

I wouldn't go for pptp although as for alternatives, there is an article in the Linode Library about installing and configuring OpenVPN which would be a better choice over pptp.

OpenVPN is nice, but it doesn't solve the OP's problem, since it's not natively supported by iOS.

Valid options are:

• PPTP

• L2TP/IPSec

• Cisco IPSec

• Juniper JunOS Pulse (via app)

• Cisco AnyConnect (via app)

The PPTP and L2TP options support RSA SecurID or CryptoCARD as an alternative to MS-CHAPv2

iOS does support third party (non-integrated) VPN solutions via an API, hence the two apps I listed. However, the API is undocumented, and only available to vendors on invitation. This is why there is no OpenVPN client despite it being technically possible without jailbreaking.

Thanks Guspaz. I'm running CentOS on m Linode, so what solution do you suggest out of pptp and l2tp and what's the name of the service I need to install on my vps? I'm not familiar with tsa and crypto.

Unfortunately, I've never used the VPN support on iOS myself, so I can't really recommend something specifically. PPTP is likely to be blocked by most mobile carriers since it uses GRE (and not TCP or UDP); I think one of the other options is more likely to get through.

I've used VPN on iOS before (and android) L2TP/IPSec works well on the server side I use openswan. The downside is you're stuck to using set ports which are often blocked unless you pay to have VPN access in hotels/airports etc.

@obs:

I've used VPN on iOS before (and android) L2TP/IPSec works well on the server side I use openswan. The downside is you're stuck to using set ports which are often blocked unless you pay to have VPN access in hotels/airports etc.

Using the VPN over a proxy (which seems to be supported by iOS) might mitigate that issue.

I would personally setup a VPN using OPEN VPN and not iPad settings… PPTP / L2TP are really insecure : https://anonymster.com/what-best-vpn-protocol/

I have not used my Ipad with Linode, but have used Purevpn for vpn services and can recommend it works good. And it is not difficult to setup a vpn on your Ipad. The app for ios works really easy.

@peterlambert:

I would personally setup a VPN using OPEN VPN and not iPad settings… PPTP / L2TP are really insecure : https://anonymster.com/what-best-vpn-protocol/

What if the vpn provides you with the IPSec security protocol, i heard it is more secure. Though it hampers speed a bit.

IPSec is so complicated to set up, and with so many pitfalls, that I personally consider it one of the less secure alternatives. Simply because it's just too easy for the non-expert to leave it wide open (one reason for that is that part of the protocol is a non-encrypted tunnel where you need to also add the actual encryption, in a separate step). I know very few people who actually understands IPSec fully.

For the corporate firewall we're using at work it turned out that it was in practice impossible to set up an IPSec configuration which worked both for the IPSec config of a subsidiary, and for iOS and/or Android, at the same time, on the same firewall.

OpenVPN is a breeze simply because it's both very secure, easy to understand, and uncomplicated to set up. And if you're doing something wrong, you just get a non-working network, unlike with IPSec where you can unintentionally end up with a non-secured network without realizing it.