    Netgate Discussion Forum
    IPSec apple profile generates a broken config

      SpaceBass last edited by

      Hey folks - been hunting down a VPN profile issue. I haven't been able to get the Apple Profile tool to work. But thanks to this post, I got a working IPSec config using PSK+XAuth
      https://www.thegeekpub.com/5855/pfsense-road-warrior-ipsec-config-works/

      This is the strangest part - when I look at the config generated by PF, it's just totally off.

        <key>LocalIdentifier</key>
        <string>nsnetmbile</string>
        <key>LocalIdentifierType</key>
        <string>KeyID</string>
        <key>XAuthEnabled</key>
        <integer>1</integer>
        <key>XAuthName</key>
        <string>admin</string>
        <key>AuthenticationMethod</key>
        <string>SharedSecret</string>
        <key>RemoteAddress</key>
        <string>X.X.X.X</string>
        <key>SharedSecret</key>
        <data>u%%sWqzk54hJ</data>
        <key>OnDemandEnabled</key>
        <integer>0</integer>
      

      In that snippet, the XAuthName is set (why?) to admin. I don't have an admin user in my directory at all (it's called something else). And besides, I'd want users to use their own account names.
      Then there's the shared secret - I don't know what that line is, but it's nothing related to my PF install or network. It's just a random key, from what I can tell.

      Anyone seeing this on their end too?

      1 Reply Last reply Reply Quote 0
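One way to check an exported profile for the two fields questioned in the post above, as an added example that is not part of the original post or of pfSense's code. The sample dict is constructed from the posted fragment, and `read_dict`, `check_ipsec` and the PSK value used with them are hypothetical; the check relies on the fact that a plist `<data>` element holds base64 text.

```python
import base64
import binascii
import xml.etree.ElementTree as ET

# Constructed sample: key/value pairs from the post, wrapped in a <dict>.
SAMPLE = """<dict>
  <key>LocalIdentifierType</key><string>KeyID</string>
  <key>XAuthEnabled</key><integer>1</integer>
  <key>XAuthName</key><string>admin</string>
  <key>AuthenticationMethod</key><string>SharedSecret</string>
  <key>SharedSecret</key><data>u%%sWqzk54hJ</data>
</dict>"""


def read_dict(xml_text):
    """Return {key: (value_tag, value_text)} for a flat plist <dict> fragment."""
    children = list(ET.fromstring(xml_text))
    pairs = {}
    for key_el, val_el in zip(children[0::2], children[1::2]):
        if key_el.tag != "key":
            raise ValueError("expected <key>, got <%s>" % key_el.tag)
        pairs[key_el.text] = (val_el.tag, (val_el.text or "").strip())
    return pairs


def check_ipsec(xml_text, expected_psk, expected_user=None):
    """List the ways the payload differs from what the admin configured."""
    pairs = read_dict(xml_text)
    findings = []
    _, name = pairs.get("XAuthName", ("", ""))
    if name and name != expected_user:
        findings.append("XAuthName is pre-filled with %r" % name)
    tag, secret = pairs.get("SharedSecret", ("", ""))
    if tag == "data":
        # <data> must be base64; strict decoding rejects characters such as '%'.
        try:
            raw = base64.b64decode(secret, validate=True)
            secret = raw.decode("utf-8", "replace")
        except binascii.Error:
            findings.append("SharedSecret <data> is not valid base64")
            secret = None
    if secret != expected_psk:
        findings.append("SharedSecret does not match the configured PSK")
    return findings
```

Call `check_ipsec(profile_fragment, expected_psk)` with the PSK configured on the firewall; leaving `expected_user` as `None` flags any pre-filled XAuth account name.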