Can I use a Mail (FQUN) identifier with a password?
-
Hello,
We want to create an IPsec VPN with IKEv2 and use a Mail (FQUN) entry for the identifier.
How can I create such an identifier in pfSense?
We use pfSense 2.3.2 at the moment.
Thanks.
Greetings
-
Set the identifier to User distinguished name and then put the address in the box that shows up.
-
Thanks jiimp.
There is just another problem with this Identifier.
We have one pfSense at our headquarters and a LANCOM VPN router at the other site.
On the LANCOM router I configure IKEv2 with a Mail identifier and also a PSK for the local site and the remote site (like the My identifier and Peer identifier on the pfSense).
But on the pfSense I cannot set a password for these identifiers. Am I right in assuming that I have to set these passwords in the Pre Shared Keys tab on the IPsec configuration page?
So I set the identifier in phase 1 to User distinguished and my values. Then I create the same PSK in the "Pre Shared Keys" tab with the password I set in the LANCOM.
-
You can try that, but if it expects an actual IKEv2 EAP password, that isn't going to work. pfSense does not have a way to set up IPsec EAP auth for site-to-site tunnels or outgoing IPsec connections.