Guys the supplicant native to Phones and IPSec in general use XAUTH, certificate authentication. We developed a solution in house that does just that, profiles for VPN and Wifi and connecting them to the PAN agent. Works on Android, Blackberry, IOS and Symbian etc. If your phone has VPN settings the XAUTH is usually the way to go. That way when they upgrade you don't need your VPN client to upgrade as well. Same for Wifi. The key thing here is client auth certificates replace credentials such as Windows etc. General use of a single p12 per client and OSCP or a CRL makes PAN able to use the same cert for Wifi, VPN and SSL Decryption (even wired if you want to go 802.1X).
... View more