Have you tried the client export package for pfSense? This is all I could find but it's for 2.0.1: https://forum.pfsense.org/index.php?topic=56513.0 I don't see how it's possible to assign a static IP to an IPsec mobile user unless there's something buried in the RADIUS code that does it.

Not ATM.

It was a plain and simple routing problem on the client PC. As soon as I added the route; route -p add 10.0.0.0 mask 255.0.0.0 192.168.1.1 It works like a charm now !

@gazoo: that's the iphone doing aggressive, i've got the server set for main. Your server needs to match your client. P1: IKEv1 aggressive, mutual PSK + XAuth, local ID IP address, peer ID user DN, AES256 SHA1 DH group 2. P2: Tunnel mode, local network 0.0.0.0/0, AES256 SHA1 no PFS

https://forum.pfsense.org/index.php?topic=96767.0

Took some time but it stays as reported. The error never occured again. But I have witnessed it on ALL my connections in question. Those were at least ~35 connections between ~5 Pfsense installations in question so I did not make this reportings out of the blue. Clueless on what may have stopped it - rebooting? Saving general-IPSEC config for the first time after Upgrade setting some crucial param for strongswan? Anyway the process of Upgrading is now done and all connections are now on IKEv2 which feels much smoother now. Everything works great. Monitoring shows a total of 324 Connections between 18 Boxes all happily connected all week long with 0 downtime  ::). I wrote myself a script for compiling the Configs this times which really speeded things up  8). I still encountered another minor issue but will make some extra thread… Regards and thanks again

At the moment I don't believe that is possible. Last I saw, the code for IKEv2 with EAP in strongSwan only worked with users entered directly into the Pre-Shared Keys tab on IPsec. It's something we'd like to see working eventually though.

thanks for the rapid response!

Hi  jimp, thx for your utf8 tip. We use LDAP and with activating "UTF8 Encode" it works flawless.

Not with any existing script.

I have exactly the same problem. And no solution.