4. Clarifications for certificates for IKEv2+MSCHAP

Clarifications for certificates for IKEv2+MSCHAP

  • S

    I’m following the instructions here:

    https://doc.pfsense.org/index.php/IKEv2_with_EAP-MSCHAPv2#Create_a_Server_Certificate

    but would like to clarify a few things:

    1. The pfsense UI seems to have changed since this wiki text was written. Where it talks about entering the Alternative Names, the 'type field' seems now to be a popup.
      a) where it says "DNS" does it mean "FQDN or hostname"?
      b) where it says "IP" it surely means "IP address"?

    2. it says “Enter the Common Name as the hostname of the firewall as it exists in DNS."  Am I correct in thinking this means the public hostname and public DNS? (as opposed to LAN side)  Can it be a CNAME or must it be an A record? ex: if I have only 1 public IP, and my A record is www.example.com and I have a CNAME that is vpn.example.com, what must I use?

    Thanks,

    Sean

    0
  • S

    Well, I finally have my VPN mostly working. It seems the answers to #1 is yes and yes.

    But I'd still like to know about #2.  I have two 'A' records for my public IP and using one of them for my certificate allows the VPN to work, but using the other it doesn't.  I don't understand that.

    0
 

Products

Applications

Support

Services

News

Resources

Company

Our Mission

As host of the pfSense open source firewall project, Netgate believes in enhancing network connectivity that maintains both security and privacy. We also believe everyone should be able to afford it.

Subscribe to our Newsletter

Product information, software announcements, and special offers. See our newsletter archive for past announcements.

© Copyright 2002 - 2018 Rubicon Communications, LLC | Privacy Policy