iOS: Supported protocols for VPN
This article covers the basics about the VPN protocols that iOS supports. For making sure VPN is properly configured to work with iOS, you should contact your network administrator or IT Department. You also might want to refer them to this article.
iOS works with VPN servers that support the following protocols and authentication methods:
- L2TP/IPSec with user authentication by MS-CHAPV2 Password, RSA SecurID or CryptoCard, and machine authentication by shared secret.
- PPTP with user authentication by MS-CHAPV2 Password, RSA SecurID, or CRYPTOCard.
- Cisco IPSec with user authentication by Password, RSA SecurID, or CRYPTOCard, and machine authentication by shared secret and certificates. Cisco IPSec supports VPN On Demand for domains you specify during device configuration.1
- Juniper Junos Pulse and Cisco AnyConnect, using the appropriate VPN app from the App Store. VPN On Demand is supported for domains you specify during device configuration.2
iOS can use certificates in the following raw formats1:
- PKCS#1 (.cer, .crt, .der)
- PKCS#12 (.p12, .pfx)
For more information about configuring your VPN server for use with iOS devices, see VPN Server Configuration for iOS Devices.
If you are successfully using VPN in Mac OS X with a L2TP/IPSec configuration and you are using Password, RSA SecurID, or CRYPTOCard User Authentication methods, and Shared Secret key for Machine Authentication, then the same VPN configuration should work in iOS. In addition, if you are using a Shared Secret key or Certificate for Machine Authentication, it should work as well.
Or, if you are successfully using VPN in Mac OS X with a PPTP configuration and you are using the Password, RSA SecurID User Authentication, or CRYPTOCard method, then the same VPN configuration should work in iOS. The other User Authentication methods are not supported by iOS.
If you have questions about what your VPN settings are or what your Shared Secret key is, you should contact your network administrator or IT Department.
- Requires iOS 2.0 or later.
- Requires iOS 4.1 or later.