Netgate Discussion Forum

    HELP ME: IKEv2 setup with StrongSwan server

      wildboarcharlie

      Hi all, I have a strongSwan VPN server (let's call this vpn-box) that I want to connect to using my pfSense machine (let's call this pf-box) to evade censorship and all that. What I want to achieve is to have my pf-box share this connection to all its Ethernet ports, as in the pf-box is acting like a hardware VPN of sorts. The reason why I'm doing this is I have some peripherals that have Ethernet but can't install any VPN software, so I'd like to expose that to them with a pfSense box. Is this possible?

        A Former User

        I've been trying to do this as well, with a VPN provider (NordVPN) that supports IKEv2 with MSCHAP authentication.
        So far, I haven't been able to set up pfSense as an IKEv2 client with MSCHAP authentication. It might not be possible to do so. But if it is, I'd be very interested to know.

          hugh_jarse

          @wildboarcharlie Yes it's completely possible, and not that hard. Similar to @LilYoda, I do exactly what you're describing to connect my pfSense box to my VPN provider (coincidentally, also NordVPN) and route my LAN traffic over the VPN, but I use OpenVPN instead of IKEv2 with MSCHAPv2. There are no problems connecting, but I've noticed that the VPN link will disconnect after a few hours despite near-constant network traffic. I've read in other threads that this behavior is due to configurations on the VPN provider's side, not pfSense's settings.

          There is a lot of documentation already prepared which can help you configure the VPN:
          https://doc.pfsense.org/index.php/VPN_Capability_Overview

            A Former User

            I've done OpenVPN to NordVPN (I've even played around with 4 tunnels and load-balancing on the 4 tunnels).

            But I haven't been able to configure IKEv2 towards NordVPN. I read the guides you mentioned, but from what I read, MSCHAP can be configured for an IKEv2 server on pfSense, not an IKEv2 client on pfSense. The guide on IKEv2 that you linked to is written for an IKEv2 server on pfSense, and remote clients like iOS or Android.

            Here's what I did:

            1. Download the root certificate from NordVPN.
            2. Convert it to PEM format.
            3. Import it as a CA in System->Certificate.
            4. Go to VPN->IPSec and set up a site-to-site tunnel.
              However, in the authentication box, I see either "Shared PSK" or "RSA".
              I have tried both settings, selecting the Root NordVPN cert for the remote in the "RSA" mode, or using my NordVPN password as the pre-shared key when in "PSK" mode.
              When I go to the status page and click "connect", it goes back to the "disconnected" state almost instantly. When I check the logs, I keep getting an authentication failed reply from the NordVPN server.

            I might be missing something, though  :o

            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.