Example iPhone-compatible tunnel configuration

You can configure iPhone-compatible tunnels, which entails:

Before you start, be aware of the following limitation in IPsec preshared key (PSK) authentication mode: all connections from unknown IP addresses, including IPsec and L2TP road warriors, must use the same authentication method, and, in the case of PSK, the same secret.

In practice, this means that if you want to create a tunnel between an iPhone-compatible device and the Smoothwall, you must:

  • not have any L2TP or IPsec road warriors, as they use certificates for authentication.
  • not have any IPsec subnet tunnels to unknown (blank) remote IPs. There is a workaround for subnet tunnels to unknown, remote IPs but the IPsec subnets would have to use PSK authentication with the same shared secret as the iPhone-compatible device.