Here is working config for iOS devices (iPhone, iPod Touch, iPad).

refer to the article; http://wiki.ipfire.org/de/configuration/services/ipsec/ios

/etc/ipsec.user.conf is little different ("rightsubnet=vhost:%no,%priv" should be replaced with rightsubnet=<normal ip notation for subnet (like 10.0.0.0/24)>)

Also "pfs=no" parameter is useless (but harmless to keep)

I removed "leftfirewall=yes" as well

Complete /etc/ipsec.user.conf (replace stuff in <> brackets):

conn <conectionname> keyexchange=ikev1 authby=xauthrsasig xauth=server left=<ipfire fqdn> leftsubnet=0.0.0.0/0 leftcert=/var/ipfire/certs/hostcert.pem right=%any rightsubnet=<subnet for ipsec vpn(different than green, blue, orange or openvpn subnet; for example:10.0.0.0/24)> rightsourceip=<internal ip address(not in green, blue, orange or openvpn subnet; for example: 10.0.0.11/24)> rightcert=/var/ipfire/certs/<conectionname>cert.pem auto=add lefthostaccess=yes compress = yes

-- Mieszko Ślusarczyk Sent with Sparrow (http://www.sparrowmailapp.com/?sig)