IPSec apple profile generates a broken config



  • Hey folks - been hunting down a VPN profile issue. I haven't been able to get the Apple Profile tool to work. But thanks to this post, I got a working IPSec config using PSK+XAuth
    https://www.thegeekpub.com/5855/pfsense-road-warrior-ipsec-config-works/

    This is the strangest part - when I look at the config generated by PF, it's just totally off.

      <key>LocalIdentifier</key>
                                    <string>nsnetmbile</string>
                                    <key>LocalIdentifierType</key>
                                    <string>KeyID</string>
                                    <key>XAuthEnabled</key>
                                    <integer>1</integer>
                                    <key>XAuthName</key>
                                    <string>admin</string>
                                    <key>AuthenticationMethod</key>
                                    <string>SharedSecret</string>
                                    <key>RemoteAddress</key>
                                    <string>X.X.X.X</string>
                                    <key>SharedSecret</key>
                                    <data>u%%sWqzk54hJ</data> 
                                    <key>OnDemandEnabled</key>
                                    <integer>0</integer>
    

    In that snippet, the XAuthName is set (why?) to admin. I don't have an admin user in my directory at all (it's called something else). And besides, I'd want users to use their own account names.
    Then there's the shared secret - I don't know what that line is, but it's nothing related to my PF install or network. It's just a random key, from what I can tell.

    Anyone seeing this on their end too?


Log in to reply