Netgate Discussion Forum
    Clarifications for certificates for IKEv2+MSCHAP

      seanmcb

      I’m following the instructions here:

      https://doc.pfsense.org/index.php/IKEv2_with_EAP-MSCHAPv2#Create_a_Server_Certificate

      but would like to clarify a few things:

      1. The pfSense UI seems to have changed since this wiki text was written. Where it talks about entering the Alternative Names, the 'type field' seems now to be a popup.
        a) Where it says "DNS", does it mean "FQDN or hostname"?
        b) Where it says "IP", it surely means "IP address"?

      2. It says "Enter the Common Name as the hostname of the firewall as it exists in DNS." Am I correct in thinking this means the public hostname and public DNS (as opposed to LAN side)? Can it be a CNAME or must it be an A record? Ex: if I have only 1 public IP, and my A record is www.example.com and I have a CNAME that is vpn.example.com, what must I use?

      Thanks,

      Sean

        seanmcb

        Well, I finally have my VPN mostly working. It seems the answers to #1 are yes and yes.

        But I'd still like to know about #2. I have two 'A' records for my public IP, and using one of them for my certificate allows the VPN to work, but using the other it doesn't. I don't understand that.

        Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.