IPSec - Site-to-site (with XAuth?)

  • Hi all!  I've installed pfSense at several clients' offices, and in two of them I'm using it as one end of an IPSec tunnel (with an outside provider's Cisco box on the other end).  I feel fairly comfortable with setting it up to act in that role.

    However, I have a client (the local office of an international airline) where each workstation has been assigned its own username/password and must connect, individually, via the Cisco client.  (Actually, I'm using the ShrewSoft client - so much better! - but it's the same idea.)  I was under the impression that those accounts could NOT be used as a tunnel for the whole office, but today the corporate IT guys were in town.  They don't know pfSense, but they assure me that I can connect site-to-site using and get rid of ShrewSoft.

    Unfortunately, I don't see how to do this.  I need to select "Mutual PSK + XAuth" and enter a group and password - but I don't have those options except to configure mobile clients; perhaps that's what I need to do, but I don't quite see how.

    Any pointers would be greatly appreciated!

