Jul 27 20:50:32 charon 07[IKE] <5> found 2 matching configs, but none allows XAuthInitPSK authentication using Main Mode
Did you add the user login? I can see you've added the pre-shared key.
Wow, I forgot to add permissions to the users to allow it to dial in. I also changed the phase 1 to Main instead of aggressive. IPSEC Xauth PSK works like a charm now.
Personally, I prefer OpenVPN for that role, especially when working with multiple architectures. However, IKEv2 can work fine as well. You'll get better performance out of IKEv2, but if load is not a concern, OpenVPN can be easier and more flexible.
Both are secure, so long as you use secure settings. There are articles on the Doc wiki for both setups.
Create a new revocation list from System->CertManager->CertificateRevocation.
Add the certificates that you do not want to be active any more.
Assign the new revocation list to the VPN server, in my case VPN->OpenVPN->Servers.
You can easily choose your revocation list from the combobox Peer Certificate Revocation list.
You do not need to restart or refresh; the change is immediate.
Then add a new P2 at the main site for 192.168.2.0/24 to 10.6.23.0/24.
At the remote site, add a new P2 for 10.5.35.0/24 to 192.168.2.0/24 and add the NAT address field to 10.6.23.0/24.
The 1:1 NAT setting is no longer required, as route-based IPsec is not supported in FreeBSD 10 (pfSense 2.3.4); hopefully in 2.5.
Thanks to pfSense support, who gave me this valuable information. https://www.netgate.com/blog/pfsense-2-5-and-aes-ni.html