Linux solution for VPN on-demand for iOS devices


According to Apple’s support article on VPN for iOS, only Cisco IPSec, Juniper Junos Pulse, and Cisco AnyConnect support the VPN on-demand feature. Are there any open-source implementations (‘free’ as in beer is more important here) of these that I could deploy on a Linux-based system with no special hardware?

Update: I already have a PPTP solution. I am specifically interested in the on-demand features of the other two.

Best Answer

Cisco IPSec, Juniper Junos Pulse, and Cisco AnyConnect can be configured for VPN on-demand for certain destination hosts/networks as they are part of the route and can realize the need to establish a VPN connection first in order to connect to those hosts/networks.

So in the case of your Linux-based PPTP VPN server, as long as that server is not your default routing gateway, VPN on Demand is meaningless. In this configuration, your server should be a Cisco IPSec-compatible gateway on Linux and your iOS devices' default routing gateway too.

In the case of an Apple iOS device, VPN on Demand allows the device to establish transparent and secure connectivity to a remote enterprise network with no further manual configuration on the user's side.

The VPN on Demand feature cannot be manually configured on the iOS device, requires certificate-based authentication, and is currently supported on Cisco IPSec, Juniper Junos Pulse, and Cisco AnyConnect.

In order to activate and configure it on iOS devices, you must create a configuration profile and then provision the device.

Another form of VPN on Demand is available on Mac OS X devices, where Safari decides to establish a VPN connection to connect to certain domains/networks (e.g. vpn.mycompany.com) that you have already listed as VPN on Demand and for which you have configured a connection settings profile (password/certificate).

More Info:

iOS VPN on Demand:

http://www.0x8847.net/2010/07/iphone-os-vpn-on-demand/

http://manuals.info.apple.com/en_US/Enterprise_Deployment_Guide.pdf

OSX VPN on Demand: http://docs.info.apple.com/article.html?path=Mac/10.6/en/15575.html

For a Cisco IPSec gateway on Linux, I recommend you use the open-source package StrongSwan for your iOS VPN on Demand.

http://www.strongswan.org/

Use the --enable-cisco-quirks parameter when building StrongSwan to make it compatible with Cisco IPSec. It is a stable, certification-based IPsec gateway on Linux that is compatible with iOS VPN on Demand requirements.

Check the following link for setting up iOS with StrongSwan:

http://wiki.strongswan.org/projects/strongswan/wiki/IOS_(Apple)

Authentication uses XAUTH and certificates (authby=xauthrsasig). The described setup has been tested and confirmed working on an iPad 2 with iOS 4.3.1, but is expected to work on all other iOS devices (iPhone, iPad, iPod Touch) running an up-to-date iOS version.
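The answer above says VPN on Demand must be delivered in a configuration profile and requires certificate-based authentication. The following is an added example, not part of the original answer or of StrongSwan: a pre-deployment check of a profile for the Cisco IPSec case only. The payload key names are taken from Apple's configuration profile format and are not stated on this page; the sample profile, host names and UUIDs are constructed.

```python
import plistlib

VPN_TYPE = "com.apple.vpn.managed"           # VPN payload type
IDENTITY_TYPE = "com.apple.security.pkcs12"  # client identity (cert + key) payload
DOMAIN_LISTS = ("OnDemandMatchDomainsAlways", "OnDemandMatchDomainsOnRetry")  # a Never list alone triggers nothing

def check_on_demand(profile_bytes):
    """Return the problems that would keep VPN on Demand from working."""
    payloads = plistlib.loads(profile_bytes).get("PayloadContent", [])
    identities = {p.get("PayloadUUID") for p in payloads
                  if p.get("PayloadType") == IDENTITY_TYPE}
    vpns = [p for p in payloads if p.get("PayloadType") == VPN_TYPE]
    if not vpns:
        return ["profile contains no VPN payload"]
    problems = []
    for vpn in vpns:
        name = vpn.get("UserDefinedName", "<unnamed>")
        ipsec = vpn.get("IPSec", {})
        cert = ipsec.get("PayloadCertificateUUID")
        if vpn.get("VPNType") != "IPSec":
            problems.append(f"{name}: VPNType is not IPSec")
        if ipsec.get("AuthenticationMethod") != "Certificate":
            problems.append(f"{name}: authentication is not certificate-based")
        elif not cert or cert not in identities:
            problems.append(f"{name}: PayloadCertificateUUID matches no identity payload")
        if ipsec.get("OnDemandEnabled") != 1:
            problems.append(f"{name}: OnDemandEnabled is not 1")
        if not any(ipsec.get(key) for key in DOMAIN_LISTS):
            problems.append(f"{name}: no on-demand domain list is populated")
    return problems

def build_sample(auth="Certificate", on_demand=1, with_identity=True):
    """Constructed sample profile; host names, UUIDs and blobs are made up."""
    ident = "11111111-2222-3333-4444-555555555555"
    ipsec = {"RemoteAddress": "vpn.example.com", "AuthenticationMethod": auth,
             "XAuthEnabled": 1, "OnDemandEnabled": on_demand,
             "OnDemandMatchDomainsAlways": ["intranet.example.com"]}
    if auth == "Certificate":
        ipsec["PayloadCertificateUUID"] = ident
    content = [{"PayloadType": VPN_TYPE, "PayloadUUID": "vpn-1", "VPNType": "IPSec",
                "UserDefinedName": "corp", "IPSec": ipsec}]
    if with_identity:
        content.append({"PayloadType": IDENTITY_TYPE, "PayloadUUID": ident,
                        "PayloadContent": b"constructed-pkcs12-placeholder"})
    return plistlib.dumps({"PayloadType": "Configuration", "PayloadVersion": 1,
                           "PayloadContent": content})

if __name__ == "__main__":
    print(check_on_demand(build_sample(auth="SharedSecret")))
```
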
