Can I use a Mail (FQUN) Identifier with password?

  • Hello,

    we want to create an IPsec VPN with IKEv2, and for the identifier we want a Mail (FQUN) entry.
    How can I create such an identifier in pfSense?
    We use pfSense 2.3.2 at the moment.


  • Rebel Alliance Developer Netgate

    Set the identifier to User distinguished name and then put the address in the box that shows up.

  • Thanks jiimp.

    There is just another problem with this identifier.
    We have one pfSense at our headquarters and a Lancom VPN router at the other site.
    On the Lancom router I configure IKEv2 with a Mail identifier and also a PSK for the local site and the remote site (like the my identifier and peer identifier on the pfSense).
    But on the pfSense I cannot set a password for these identifiers.

    Am I right in assuming that I have to set these passwords in the Pre Shared Key tab on the IPsec configuration page?
    So I set the identifier in phase 1 to User distinguished and my values. Then I create the same PSK in the "Pre Shared Keys" tab with the password I set in the Lancom.

  • Rebel Alliance Developer Netgate

    You can try that, but if it expects an actual IKEv2 EAP password, that isn't going to work. pfSense does not have a way to set up IPsec EAP auth for site-to-site tunnels or outgoing IPsec connections.
