Netgate Discussion Forum

    Settings for Windows, iPhone, and Mac

      beedix

      Is there a common IPsec configuration that will work for Windows 7, Windows 10, Mac, and iPhone all with most current OS updates?  I won't have but two users with multiple devices so a 3rd party client is not out of the question for me.  From searching, everything I've found required 3DES which I'd rather not use and I'm wondering if there is something I'm overlooking?

      On my previous router, I was able to get an L2TP over IPsec connection working on the above devices, but I haven't had much luck so far on the pfSense.

      Thanks!

        NogBadTheBad

        https://doc.pfsense.org/index.php/IKEv2_with_EAP-MSCHAPv2

        I had to use 3des after trying for ages to get it to work without.

        The following works with iOS, macOS & W7:

        P1

        Encryption Algorithm 3DES
        Hash Algorithm SHA1
        DH Group 2 (1024 bit)
        Lifetime 1024

        P2

        Encryption Algorithms AES & 3DES
        Hash Algorithms SHA1, SHA256, SHA384, SHA512

        Andy

        1 x Netgate SG-4860 - 3 x Linksys LGS308P - 1 x Aruba InstantOn AP22

          beedix

          Thanks, that confirms my experience as well.  Is iOS the OS limited to 3DES?

          Will Windows 7 support AES-GCM?

          I'm almost tempted to set up two VPNs to get optimal performance on the tunnel I use most often.

            beedix

            This configuration is what I'd prefer which works great on iOS and mac, but I've yet to have success on Win7
            https://grokdesigns.com/pfsense-ikev2-for-ios-macos-1/

              NogBadTheBad

              I did manage to get iOS working with AES as per the link but then Windows fails:

              https://support.apple.com/en-gb/HT206154

              Andy

                grokdesigns

                @beedix:

                This configuration is what I'd prefer which works great on iOS and mac, but I've yet to have success on Win7
                https://grokdesigns.com/pfsense-ikev2-for-ios-macos-1/

                Just saw this referenced in my traffic logs. Glad you found it useful! I haven't attempted with Windows 7, but according to Microsoft, it does support AES-GCM. Testing this is on my to-do list, but you probably have to use the PowerShell configuration to get this set up.

                  beedix

                  Unfortunately, the functions that you need in PowerShell aren't available under Windows 7 like they are in Windows 10.  I've downloaded literally every version of PowerShell.  If you were to find a way, I'd be very interested in seeing how this is done.

                  For now, I'm rolling with 3DES which I cringe at the idea of.  The only Windows 7 PC that is holding me back is my work laptop.  Luckily, I'm due for an upgrade so I've asked our IT group to issue me a new PC with Windows 10 so I'm pretty excited to get some new hardware which I'm confident will allow access to the functions needed to configure the specifics.

                  Much appreciated for the guide and I'll be watching if you post anything on the Windows 7 front!
