@Donny:
Now IPSec Mobile work fine.
1. I made a record FQDN my pfsene hostname: zwolle.xxxxx.com with Public WAN IP Address from my ISP in to the domain name system (DNS): xxxxx.com
2. At local host computer windows 10, I tested PING to FQDN pfsene hostname > zwolle.xxxxx.com. it is worked.
3. Create IPSec CA certificate, the common name whatever
4. Create Sever Certificate to Common Name with FQDN pfsene hostname > zwolle.xxxxx.com. For Alternative name, I don't use Max OS, Linux and etc.
5. Setup IPSec tunnel Phase 1 My identifier to Distinguished name with "zwolle.xxxxx.com" that is the same common name on Server Certificate.
6. Another setup is the same pfsense document wiki
7. export only IPSec CA to Windows 10 Client and then installation IPSec CA to Trusted Root Certificate Authorities.
8. configuration the propertie of IPSec Connection adapter example at Security tab > IKEv2, Requir encryption and Secured password (EAP-MSCHAPv2) (encryption enable)
9. test the connect by use username and password that created on Pre-SharedKeys tab
10. finally connected and can ping to local host, copy files and etc.
Donny
Just want to be sure. the way i did it above, is it correct?
Thank you. Donny