Cisco IPSec, Juniper Junos Pulse, and Cisco AnyConnect can be configured for VPN on-demand for certain destination hosts/networks as they are part of the route and can realize the need to establish a VPN connection first in order to connect to those hosts/networks;
So in case of your Linux based PPTP VPN server, as far as that server is not your default routing gateway, VPN on Demand is meaningless. In this configuration your server should be a Cisco IPSEC compatible Gateway on linux and your iOS devices' default routing gateway too.
In case of Apple iOS device, VPN on Demand allows iOS device to establish a transparent and secure connectivity to a remote enterprise network with no more manual configuration at user side.
This VPN on Demand feature cannot be manually configured on the iOS device and requires a certificate-based authentication and is currently supported on Cisco IPSec, Juniper Junos Pulse, and Cisco AnyConnect.
In order to activate and configure it on iOS devices, you must create a configuration profile and then provision the device.
Another form of VPN on Demand is available on Mac OSX devices where Safari decides to establish a VPN connection to connect to certain domains/networks (e.g. vpn.mycompany.com) that you have already listed as VPN on Demand and configured its connection settings profile (password/certificate).
More Info:
iOS VPN on Demand:
http://www.0x8847.net/2010/07/iphone-os-vpn-on-demand/
http://manuals.info.apple.com/en_US/Enterprise_Deployment_Guide.pdf
OSX VPN on Demand:
http://docs.info.apple.com/article.html?path=Mac/10.6/en/15575.html
For a Cisco IPSec Gateway on Linux, I recommend you use Open source package StrongSwan for your iOS VPN on Demand
http://www.strongswan.org/
Use --enable-cisco-quirks parameter to build StrongSwan to make it compatible with Cisco IPSEC.
It is a stable certification based, IPsec Gateway on linux that is compatible with iOS VPN on Demand requirements.
Check following link for setup iOS on StrongSwan:
http://wiki.strongswan.org/projects/strongswan/wiki/IOS_(Apple)
Authentication uses XAUTH and certificates (authby=xauthrsasig).The described setup has been tested and confirmed working on an iPad 2 with iOS 4.3.1, but is expected to work on all other iOS devices (iPhone, iPad, iPod Touch) running an up to date iOS version.
I don't know the answer to your question, but I just want to warn you about using the DHCP server address as your default router. If that works it is by chance... In IPv6 the default route is communicated by RA's and not by DHCP.
You will need to enable forwarding, accepting RA's and sending out RS's. A problem here is that the kernel included in Centos6 does not allow you to do that. When forwarding is enabled then accepting RA's and sending RS's is disabled. There should be a CentosPlus kernel with the relevant patches though. See the mailing list thread / message at http://lists.centos.org/pipermail/centos/2011-April/thread.html#109756
The relevant sysctl.conf settings are:
net.ipv6.conf.all.forwarding=1
net.ipv6.conf.eth0.accept_ra=2
net.ipv6.conf.eth0.accept_ra_defrtr=1
net.ipv6.conf.eth0.router_solicitations=1
Best Answer
An Android phone here sent similar vendor ID:
However an iPhone device sent nothing beyond its MAC address and hostname. The same was true of a Nokia Symbian device (E71). My sample of three devices suggests that only Android devices send anything useful. You might have some success by finding what information each client requests (SIP server, domain search) and indeed does not request, and using that as a 'fingerprint'.
To my mind, however, the real answer is to put 'unknown' clients in a default network, and explicitly known devices in a different one.