Netgate Discussion Forum

Can pfSense tunnel as IKEv2 client?

    senseivita
    last edited by senseivita Dec 19, 2018, 1:34 AM Dec 19, 2018, 1:31 AM

    I gave it a go now that it has support for VTI but I need to authenticate using username+password and authentication fails. :/

    For My identifier I tried all that would let me enter the username string and entered the password in the Pre-Shared Key box. Is that alright?

    In Peer identifier I selected Any.

    This is the end of the logs, newest on top:

    Dec 18 18:29:18 charon 11[IKE] <con2000|21> IKE_SA con2000[21] state change: CONNECTING => DESTROYING
    Dec 18 18:29:18 charon 11[IKE] <con2000|21> no shared key found for 'egrghr_fbhgux' - 'hostname.blahblah.burkerking'
    Dec 18 18:29:18 charon 11[IKE] <con2000|21> authentication of 'egrghr_fbhgux' (myself) with pre-shared key

    Missing something? Word endings, maybe? I included a free puzzle in this msg if you solv--okay, I'm lying. It's dyslexia, makes me do that, sorry! Just finish the word; they're rarely misspelled, just incomplete. Yeah-yeah-I know. Same thing.

      jimp Rebel Alliance Developer Netgate
      last edited by Dec 19, 2018, 2:10 PM

      No, it cannot use username+password authentication as an IPsec client.

        senseivita
        last edited by Dec 19, 2018, 5:25 PM

        Thanks for clearing that up!

        You were specific though, does that mean it could use another method to authenticate then? Like Mutual RSA as IPsec client? 🤞🏼

          jimp Rebel Alliance Developer Netgate
          last edited by Dec 19, 2018, 5:29 PM

          It depends on the context. pfSense can act as a "client" for site-to-site style connections using certificate-based auth, but it is not made to support a "mobile" or remote access style client setup where the server side sends configuration data such as the interface address to use.

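Added example, not part of the thread and not pfSense or strongSwan code: a small Python reader for the charon lines quoted in the first post. It replays them in chronological order and shows that charon attempted pre-shared-key authentication and failed its own key lookup for the identity pair. The function names and regular expressions are this example's own, written against the three log lines shown in the thread.

```python
import re

# The three charon lines quoted in the first post (newest first, as posted).
SAMPLE = """\
Dec 18 18:29:18 charon 11[IKE] <con2000|21> IKE_SA con2000[21] state change: CONNECTING => DESTROYING
Dec 18 18:29:18 charon 11[IKE] <con2000|21> no shared key found for 'egrghr_fbhgux' - 'hostname.blahblah.burkerking'
Dec 18 18:29:18 charon 11[IKE] <con2000|21> authentication of 'egrghr_fbhgux' (myself) with pre-shared key
"""

LINE = re.compile(r"charon \d+\[IKE\] <(?P<conn>[^|>]+)\|(?P<sa>\d+)> (?P<msg>.*)$")
LOCAL_AUTH = re.compile(r"authentication of '(?P<id>[^']*)' \(myself\) with (?P<method>.+)$")
NO_PSK = re.compile(r"no shared key found for '(?P<local>[^']*)' - '(?P<peer>[^']*)'$")
STATE = re.compile(r"state change: (?P<old>\w+) => (?P<new>\w+)$")

def diagnose(log_text, newest_first=True):
    """Return one summary dict per (connection name, SA number) seen in the log."""
    lines = log_text.splitlines()
    if newest_first:
        lines.reverse()  # replay in chronological order
    sas = {}
    for line in lines:
        m = LINE.search(line)
        if not m:
            continue  # not an [IKE] line tagged with <conn|sa>
        info = sas.setdefault((m["conn"], int(m["sa"])), {
            "local_id": None, "method": None, "psk_lookup_failed": False,
            "peer_id": None, "final_state": None})
        msg = m["msg"]
        if (a := LOCAL_AUTH.search(msg)):
            info["local_id"], info["method"] = a["id"], a["method"]
        elif (p := NO_PSK.search(msg)):
            info["psk_lookup_failed"], info["peer_id"] = True, p["peer"]
        elif (s := STATE.search(msg)):
            info["final_state"] = s["new"]  # last state seen wins
    return sas

def explain(info):
    # Only reports what the log lines themselves state.
    if info["method"] == "pre-shared key" and info["psk_lookup_failed"]:
        return (f"charon tried pre-shared-key authentication as '{info['local_id']}' "
                f"and found no shared key for the pair ('{info['local_id']}', "
                f"'{info['peer_id']}')")
    return "no pre-shared-key lookup failure recorded"

if __name__ == "__main__":
    for key, info in diagnose(SAMPLE).items():
        print(key, info["final_state"], "-", explain(info))
```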
          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.