Netgate Discussion Forum

    Can I use a Mail (FQUN) Identifier with password?

    • kts-tec

      Hello,

      We want to create an IPsec VPN with IKEv2 and use a Mail (FQUN) entry for the identifier.
      How can I create such an identifier in pfSense?
      We use pfSense 2.3.2 at the moment.

      Thanks.
      Greetings

      • jimp (Rebel Alliance Developer Netgate)

        Set the identifier to User distinguished name and then put the address in the box that shows up.

        Remember: Upvote with the 👍 button for any user/post you find to be helpful, informative, or deserving of recognition!

        Need help fast? Netgate Global Support!

        Do not Chat/PM for help!

        • kts-tec

          Thanks jimp.

          There is just another problem with this identifier.
          We have one pfSense at our headquarters and a LANCOM VPN router at the other site.
          On the LANCOM router I configure IKEv2 with a Mail identifier and also a PSK for the local site and the remote site (like My identifier and Peer identifier on the pfSense).
          But on the pfSense I cannot set a password for these identifiers.

          Am I right in assuming that I have to set these passwords in the Pre Shared Key tab on the IPsec configuration page?
          So I set the identifier in phase 1 to User distinguished and my values. Then I create the same PSK in the "Pre Shared Keys" tab with the password I set on the LANCOM.

          • jimp (Rebel Alliance Developer Netgate)

            You can try that, but if it expects an actual IKEv2 EAP password, that isn't going to work. pfSense does not have a way to set up IPsec EAP auth for site-to-site tunnels or outgoing IPsec connections.

            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.