IPSec PSK+XAuth Client - How to set XAuth option?



  • Hi!

    Is it possible to set up pfSense as an IPSec client with PSK + XAuth?

    We have a customer whose network we need to connect to and they have only that VPN configured (and working with other clients).
    I can connect with my Android phone, with a Windows client, but I can't find an option in the IPSec setup. For 'Authentication Method' only 'Mutual PSK' and 'Mutual RSA' are available.

    I tried to hack the /var/etc/ipsec/* configs but without any success. I tried to dig into the source to find where those options are set, but I am lost.
    It seems I need to add a line to ipsec.secrets with XAUTH type and add some (left|right)auth2 = xauth to ipsec.conf, … but without any luck so far :-/

    Does anybody know how to enable pfSense as an IPSec client with PSK+XAuth?

    If that is not possible, where could I look in the source to enable it? Is there a guide to how a setting is passed through from the UI to a config? And then what would be needed in the strongswan? config?


  • Rebel Alliance Developer Netgate

    No, it is not possible for pfSense to act in that role.



  • Yes this is possible.

    VPN/IPSEC/MOBILE CLIENTS
    Enable IPSEC mobile client support

    User database
    Local database (selected)

    Save

    In your p1 entry you should now have the option under p1 proposal.

    Make sure when you create your users you go back in and add the XAUTH VPN User dial-in

    Hope this helps!


  • Rebel Alliance Developer Netgate

    @Daz22:

    Yes this is possible.

    VPN/IPSEC/MOBILE CLIENTS
    Enable IPSEC mobile client support

    User database
    Local database (selected)

    Save

    In your p1 entry you should now have the option under p1 proposal.

    Make sure when you create your users you go back in and add the XAUTH VPN User dial-in

    Hope this helps!

    That's the wrong direction. That sets up an Xauth server. OP wants pfSense to act as an Xauth client to a remote server.