Configuring a VPN connection between an iPad/iPhone and LANCOM routers using the LANCOM myVPN application up to and including iOS 12.1

Description:

This document describes the configuration steps required to set up a VPN connection between an iPad/iPhoneand a LANCOM router using the LANCOM myVPN application.

In 2019 the IETF (Internet Engineering Task Force) has designated IKEv1 as deprecated and insecure and therefore it should not be used anymore. LANCOM Systems instead recommends to use the current standard IKEv2.

The IKEv1 functionality in LANCOM devices remains intact and can still be used for scenarios where devices without IKEv2 support are used. However LANCOM Systems will not provide any support regarding the troubleshooting of connection problems with IKEv1 connections. Also there won't be any bug fixes or new features for IKEv1.

In rare cases a disconnect can occur during rekeying. In such a case it can be useful to increase the lifetimes, so that the disconnects occur less often.

The myVPN app only supports IKEv1. Therefore LANCOM Systems recommends to manually set up an IKEv2 connection between an Apple iPhone / iPad and a LANCOM router.

Requirements:

LCOS as of version 8.62 (download latest version)
LANtools as of version 8.62 (download latest version)
Apple iPad/iPhone with iOS 4.1 or later
LANCOM myVPN application, which must be installed on the iPad/iPhone/iPod. The myVPN application is available in the Apple AppStore.

Scenario:

This example is for configuring the following scenario:

An iPad/iPhone is connected to a public network (such as hotspot in a hotel) via WLAN.
If you are using an iPhone or iPad with the appropriate equipment, you can also use the medium 3G/4G to make the connection.
This public network and the Internet are to be used to set up an IPSec VPN-secured connection between the iPad/iPhone/iPod and a LANCOM router, which is operated in the local home or office network.
The VPN connection between the iPad/iPhone/iPod and the LANCOM router in the local home or office network is to be configured with the LANCOM myVPN application, which is installed on the iPad/iPhone.

1) Configuration steps on the LANCOM router:

1.1) Open the Setup Wizard on the LANCOM router in LANconfig and select the option Provide remote access (RAS, VPN).

1.2) Select the Exchange mode IKEv1.

The myVPN app only supports IKEv1.

1.3) When selecting the VPN client, click on LANCOM myVPN.

1.4) In the next dialog you have to set the name for the VPN connection. In the Address of this router box, enter the public IP address or the public DNS address (e.g. a DynDNS address) of the router.

1.5) The following dialog displays the PIN, which you later require to configure the VPN connection with the myVPN application on the iPad/iPhone. To avoid forgetting this, you should mark the option Print PIN. If you have no printer, write the PIN down.

In case you forget the PIN for a myVPN access, then you can view this in the configuration of the LANCOM router under VPN → myVPN → myVPN accounts.

1.6) Click on Finish to complete the configuration of the LANCOM router. The configuration is then written back to the device.

1.7) If in Step 1.5. you activated the option Print PIN now, the the Windows print dialog will open up. Click on Print to print-out the PIN.

2) Configuration steps on the iPad/iPhone:

2.1) Make sure that you have a WLAN connection to the local network (hotspot, etc.) and that you have access to the Internet.

If you want to set up a myVPN connection over the internet (WAN), please make sure that there is no Port-Mapping or -Forwarding for HTTPS-Port 443 configured on your LANCOM Router.

If the HTTPS port 443 is mapped or forwarded, the iPhone/iPad is not able to obtain the myVPN vonfiguration profile, which is installed on the router.

2.2) Start the myVPN application on the iPad/iPhone.

2.3) Tap on the option Add remote.

2.4) Enter the public IP address or the public DNS address (e.g. a DynDNS address) of the LANCOM router. In this example we use the address Test.lancom.de. Then tap on Yes.

2.5) Tap on the newly created entry called Test.lancom.de.

2.6) Enter the PIN, which you set in the configuration of the LANCOM router for this myVPN account (in this example the PIN is 1772).

2.7) Then tap on the Connect button.

2.8) Confirm the subsequent warning with Yes.

Due to the installation of a code lock for safety of the iPad/iPhone, a window appears in which you have to insert the four-digit code to unban the iPad/iPhone.

2.9) In the following dialog window, click on the Install button.

2.10) Confirm the subsequent dialog with Install now.

2.11) In the following dialog, tapping on Next without having entered the password means that you must enter the password for the myVPN connection every time you start the VPN connection. For security reasons we recommend that you DO NOT ENTER YOUR PASSWORD at this point. The password for the myVPN connection is the PIN, which was specified for this myVPN account during the configuration of the LANCOM router (see step 1.5 of the router configuration). In this example, the PIN is 9295.

If you enter the password (PIN) at this stage, then every time an attempt is made to start a VPN connection the input dialog for this password will not be displayed and the VPN connection is established immediately. An unauthorized user can then set up the VPN connection without knowing the account data!

2.12) Select Done to complete the installation of the VPN connection profile. This completes the configuration of the iPad/iPhone.

3) Starting the myVPN connection on the iPad/iPhone.

3.1) Open the Settings dialog and navigate to the menu General → Network → VPN.

3.2) Start the VPN connection by tapping on the switch.

3.3) In the following dialog you can enter the PIN for the myVPN connection. The password for the myVPN connection is the PIN, which was specified for this myVPN account during the configuration of the LANCOM router (see step 1.5 of the router configuration). In this example, the PIN is 9295.