1. Home
  2. pfSense® Software
  3. IPsec
  4. Clarifications for certificates for IKEv2+MSCHAP

Clarifications for certificates for IKEv2+MSCHAP

  • S

    I’m following the instructions here:

    https://doc.pfsense.org/index.php/IKEv2_with_EAP-MSCHAPv2#Create_a_Server_Certificate

    but would like to clarify a few things:

    1. The pfsense UI seems to have changed since this wiki text was written. Where it talks about entering the Alternative Names, the 'type field' seems now to be a popup.
      a) where it says "DNS" does it mean "FQDN or hostname"?
      b) where it says "IP" it surely means "IP address"?

    2. it says “Enter the Common Name as the hostname of the firewall as it exists in DNS."  Am I correct in thinking this means the public hostname and public DNS? (as opposed to LAN side)  Can it be a CNAME or must it be an A record? ex: if I have only 1 public IP, and my A record is www.example.com and I have a CNAME that is vpn.example.com, what must I use?

    Thanks,

    Sean

    0
  • S

    Well, I finally have my VPN mostly working. It seems the answers to #1 is yes and yes.

    But I'd still like to know about #2.  I have two 'A' records for my public IP and using one of them for my certificate allows the VPN to work, but using the other it doesn't.  I don't understand that.

    0
Log in to reply
 

Products

Services

Support

News

Resources

Company

Our Mission

We provide leading-edge network security at a fair price - regardless of organizational size or network sophistication. We believe that an open-source security model offers disruptive pricing along with the agility required to quickly address emerging threats.

Subscribe to our Newsletter

Product information, software announcements, and special offers. See our newsletter archive to sign up for future newsletters and to read past announcements.

© 2020 Rubicon Communications, LLC | Privacy Policy