Netgate Discussion Forum

    IPSec PSK+XAuth Client - How to set XAuth option?

      flob

      Hi!

      Is it possible to set up pfSense as an IPSec client with PSK + XAuth?

      We have a customer whose network we need to connect to and they have only that VPN configured (and working with other clients).
      I can connect with my Android phone, with a Windows client, but I can't find an option in the IPSec setup. For 'Authentication Method' only 'Mutual PSK' and 'Mutual RSA' are available.

      I tried to hack the /var/etc/ipsec/* configs but without any success. I tried to dig into the source to find where those options are set, but I am lost.
      It seems I need to add a line to ipsec.secrets with XAUTH type and add some (left|right)auth2 = xauth to ipsec.conf, … but without any luck so far :-/

      Does anybody know how to enable pfSense as an IPSec client with PSK+XAuth?

      If that is not possible, where could I look in the source to enable it? Is there a guide how a setting is passed through from UI to a config? And then what would be needed in the strongswan? config?

        jimp Rebel Alliance Developer Netgate

        No, it is not possible for pfSense to act in that role.

        Remember: Upvote with the 👍 button for any user/post you find to be helpful, informative, or deserving of recognition!

        Need help fast? Netgate Global Support!

        Do not Chat/PM for help!

          Daz22

          Yes this is possible.

          VPN/IPSEC/MOBILE CLIENTS
          Enable IPSEC mobile client support

          User database
          Local database (selected)

          Save

          In your p1 entry you should now have the option under p1 proposal.

          Make sure when you create your users you go back in and add the XAUTH VPN User dial-in

          Hope this helps!

            jimp Rebel Alliance Developer Netgate

            @Daz22:

            Yes this is possible.

            VPN/IPSEC/MOBILE CLIENTS
            Enable IPSEC mobile client support

            User database
            Local database (selected)

            Save

            In your p1 entry you should now have the option under p1 proposal.

            Make sure when you create your users you go back in and add the XAUTH VPN User dial-in

            Hope this helps!

            That's the wrong direction. That sets up an Xauth server. OP wants pfSense to act as an Xauth client to a remote server.

            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.
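For reference, this is roughly what the ipsec.secrets XAUTH line and the leftauth2 = xauth setting mentioned in the first post look like on a stand-alone strongSwan host using the legacy ipsec.conf interface. It is an added example, not taken from the thread and not a pfSense procedure (the thread states pfSense cannot act in this role). The file paths, connection name, host name, user name, subnet and secrets are assumed placeholders.

```conf
# /etc/ipsec.conf (assumed default path; stand-alone strongSwan, not pfSense)
conn customer-xauth                  # hypothetical connection name
    keyexchange=ikev1                # XAuth is an IKEv1 extension
    left=%defaultroute
    leftauth=psk                     # first round: shared key
    leftauth2=xauth                  # second round: this host answers XAuth as the client
    xauth_identity=vpnuser           # placeholder XAuth user name
    leftsourceip=%config             # request a virtual IP through Mode Config
    right=vpn.example.com            # placeholder for the customer's gateway
    rightauth=psk
    rightsubnet=10.0.0.0/24          # placeholder remote network
    auto=add

# /etc/ipsec.secrets (assumed default path; keep it readable by root only)
vpn.example.com : PSK "REPLACE-WITH-SHARED-KEY"
vpnuser : XAUTH "REPLACE-WITH-USER-PASSWORD"
```

The proposals, IKE mode and identities must match whatever the remote gateway expects; none of those are given in the thread.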