PSKs incorrect in ipsec.secrets - Still an Issue in 2.2.1
-
That's not the same issue for sure. The only gotcha I see there is editing the user doesn't immediately update the ipsec.secrets, you have to go to VPN>IPsec and hit Save.
You mentioned email, the username is actually what gets put into ipsec.secrets, there is no email associated with user accounts. If you just use your username, I'm guessing it'll work. They are put in there correctly.
-
@cmb:
That's not the same issue for sure. The only gotcha I see there is editing the user doesn't immediately update the ipsec.secrets, you have to go to VPN>IPsec and hit Save.
You mentioned email, the username is actually what gets put into ipsec.secrets, there is no email associated with user accounts. If you just use your username, I'm guessing it'll work. They are put in there correctly.
Hi cmb,
First, thanks for the response!
I'm aware that email addresses do not necessarily equal user accounts; however, many of us do have email accounts out there as the username because of how unique it really is… (I can have 5 dsmiths but only one dsmith@thatdomain.com)
As a result, this method of setting a username and a PSK has worked from pfSense 1.2.3 on through 2.1.5 or 2.1.6, but as of 2.2 and beyond the @ sign or some other factor that I'm not aware of seems to have broken it.
So the issue is that in cases where I have 30-50 road warrior users out there with their email address as their username, fixing it would require generating new accounts and touching every device prior to upgrading the firewall. If there's a fix to the problem on the horizon, I'd rather wait for it. :-)
-
I mis-read that "edit my user" part as meaning users in the user manager. The @ character isn't an accepted username for the user manager, and never has been. You're actually using the VPN>IPsec, PSK tab, where emails are fine. What you're describing should work, I'll double check that with the Shrew Soft config you're showing when I have a moment.
-
@cmb:
I mis-read that "edit my user" part as meaning users in the user manager. The @ character isn't an accepted username for the user manager, and never has been. You're actually using the VPN>IPsec, PSK tab, where emails are fine. What you're describing should work, I'll double check that with the Shrew Soft config you're showing when I have a moment.
Cool. Thanks, cmb! PM me if you need access to a test firewall. I can easily make one available to you.
-
Could you re-test this on 2.2.3? Snapshots available at https://snapshots.pfsense.org. I don't see any issues here.
-
Sure, I'll test-upgrade a firewall over the weekend and see if the problem is resolved. :-)
-
Thanks. I'll be around this weekend, would like to look into it with you if it's still an issue.
-
@cmb:
Thanks. I'll be around this weekend, would like to look into it with you if it's still an issue.
No luck, cmb. I'm going to PM you some remote login details now. :-)
-
The issue was this:
https://redmine.pfsense.org/issues/4781
It works now. I applied that change to the 2.2.3 system you brought up, and can connect fine now. If you can confirm as well that'd be appreciated.
Thanks for your help!
-
@cmb:
The issue was this:
https://redmine.pfsense.org/issues/4781
It works now. I applied that change to the 2.2.3 system you brought up, and can connect fine now. If you can confirm as well that'd be appreciated.
Thanks for your help!
I'll check this afternoon when I make it back to a location I can check it from. Thanks, cmb!