I'm using pfSense 2.0 and have an IPsec VPN configured (which uses the racoon IPsec daemon).
I'm connecting to the VPN using my iPhone (iOS 5).
However, the iPhone doesn't allow saving of XAuth usernames and passwords.
How secure is it to remove XAuth authentication (i.e. blank password) and only use RSA certificate authentication?
Best Answer
Sorry, this isn't answering your question of "how secure ...", but this might side-step your problem. Have you tried xauth_psk_server and putting "save_passwd on;" into your mode_cfg section of racoon.conf?
This let my old iPod (Version 4.2.1) cache an XAuth username & password. Here is my racoon.conf:
With my iPod (and my MacBook), I select "Cisco IPSec" for the VPN type, and then invent a group name and shared secret for your psk.txt.
Now the question is, how secure is xauth_psk with a shared group secret? (This might not be secure for a corporate environment, because other employees might recycle the group shared secret to spoof being the VPN server to other employees and then sniff usernames and passwords... (runonsentencefun) but it's fine enough for my iPod when I don't share my group with anyone.)
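
A racoon.conf showing where the two directives from the answer go, with a certificate-based variant for comparison. This is an added example, not the answerer's own file; the addresses, pool size, paths and certificate file names are placeholders.

```conf
# Constructed example: every address, path and file name here is a placeholder.
path pre_shared_key "/etc/racoon/psk.txt";   # one line per group: <group name> <shared secret>
path certificate "/etc/racoon/certs";

remote anonymous {
    exchange_mode aggressive;   # road-warrior clients identify by group name, not by IP
    passive on;                 # answer negotiations only, never initiate
    generate_policy on;         # create policies for clients with unknown addresses
    proposal_check obey;
    nat_traversal on;
    ike_frag on;

    # Variant A (the answer's setup): group PSK plus XAuth.
    # Every holder of the group secret can also pose as the server.
    proposal {
        encryption_algorithm aes;
        hash_algorithm sha1;
        authentication_method xauth_psk_server;
        dh_group 2;
    }

    # Variant B: certificates plus XAuth. Both ends sign with RSA keys, so
    # knowing a shared secret is not enough to impersonate the server.
    # To use it, add the two lines below and change authentication_method
    # in the proposal above to xauth_rsa_server:
    #   certificate_type x509 "server.crt" "server.key";
    #   verify_cert on;
}

mode_cfg {
    network4 10.99.0.1;         # first address handed out to clients
    netmask4 255.255.255.0;
    pool_size 10;
    auth_source system;         # check XAuth logins against local system accounts
    save_passwd on;             # tell the client it may cache the XAuth password
}

sainfo anonymous {
    encryption_algorithm aes;
    authentication_algorithm hmac_sha1;
    compression_algorithm deflate;
}
```

The mode_cfg section is global, so `save_passwd on;` is sent to clients under either variant.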