Using the iPhone Configuration Utility to add 802.1X and VPN to iPhone 2.0

The iPhone Configuration Utility lets you create configuration profiles that contain preset service information for your users. When installed, the profile will walk the user through configuring those services on their device. Below, you will learn how to create a profile to add VPN and 802.1X to the iPhone 2.0. Alternatively, you can add VPN support to the iPhone manually. Consult the iPhone and iPod Touch Enterprise Deployment Guide for more info on configuration profiles. For support information, visit the Wireless 2.0 (802.1X) Trial page or the AIT VPN Support page.

Launch the iPhone Configuration Utility, click on "Configuration Profiles" from the column on the left, then click the "New" button on the toolbar. Double-click the newly created profile to view the details.

Name the profile, and create an identifier for it. For this example, we'll use "PSU 802.1X and VPN" for the name and "edu.psu.psu8021xvpn" for the identifier. You can also add Organization and Description if you wish, and you can optionally sign the profile to verify it's authenticity to your users.

First, we'll add 802.1X. Click on the "Wi-Fi" tab, and click "Configure."

For the Service Set Identifier (SSID), enter "psu" and set the Security Type to "WPA / WPA2 Enterprise." Under Accepted EAP Types select "TTLS."

Next, click on the "Authentication" tab and change Inner Authentication to "PAP." That completes the settings necessary for 802.1X.

Now we'll add VPN. Click the "VPN" tab, and click "Configure."

Fill in the VPN settings to match your configuration. In the example below, we will add the settings for campus wireless at University Park. If you want to add additional VPN Configurations, you can click the + button at the top of the VPN Settings screen to add more configurations.

Now that we've entered in the 802.1X and VPN settings, we can export the Configuration Profile. Click the "Export" button on the toolbar, and save the file somewhere convenient.

There are two ways to get the Configuration Profile on to an iPhone - as an email attachment or downloaded from a server via Mobile Safari. Note that if you are serving the file from a webserver, you will need to add the correct MIME type to your server for the file to download correctly. The Configuration Profile MIME type is:

AddType application/x-apple-aspen-config mobileconfig

Either tap on the attachment in the Mail app, or enter in the URL of a profile into Safari. When the Install Profile screen appears, tap "Install."

A warning will appear, cautioning you if the profile hasn't been signed and informing you that it will change your iPhone's settings. Tap "Install Now."

The iPhone will then ask for the username and password for 802.1X and for each VPN configuration.

After the user enters in all of the requested info, the Profile Installed screen will appear. Tap "Done."

The first time you connect via 802.1X, the iPhone will ask you to accept a certificate. Tap "Accept."

You should now have the correct settings on you iPhone to connect via 802.1X or the VPN using your iPhone. For more information on using Configuration Profiles, consult the iPhone and iPod Touch Enterprise Deployment Guide.