Domain Name - Required Endpoint ID
-
Sorry if this has been answered but I've searched around with no luck.
I'm trying to set up an IPSEC tunnel between pfsense and a snapgear using DNS identification. The problem I'm having is that the snapgears have a field "required endpoint id" for a DNS IPSEC tunnel which must be filled.
I can't find a relevant field anywhere on PFSense which means… that I can't use DNS IPSEC tunnels :P . I've tried manually removing the relevant lines in the snap's configuration files which seems to give the tiniest bit of success - ISAKMP-SA established then deleted within around 50 seconds. I'd really prefer to have DNS based IPSECS, has anyone else had this issue?
-
You can use DNS hostnames in the field for the peer address, but perhaps you are looking for the "My Identifier" field. You can set that to "Domain Name" or "User FQDN" and enter a hostname or domain in the box.
-
Thanks for the reply jimp. Unfortunately the snapgear looks like it wants a piece of identifying information as well as the host's DNS name. I've seen a lot of people list an endpoint ID in the same format as an email address. This is the contents of the relevant config page on the device:
Tunnel name:
The remote party's DNS hostname:
Required Endpoint ID:
Best as I can tell, the "My Identifier" field is equivalent to the snapgear's "The remote party's DNS hostname" field. I hope I'm wrong, really! But I can't find a way to enter an Endpoint ID as well as the DNS hostname in pfsense ???
-
I'm not sure what it wants then. There is only one "identifier" field to be set, and it's that field. If it's formatted like an e-mail address, that would be the "User FQDN" type.
-
Oh well, thanks for the effort jimp - very much appreciated.