Can pfSense tunnel as IKEv2 client?
skilledinept
I gave it a go now that it has support for VTI but I need to authenticate using username+password and authentication fails. :/
For My identifier I tried all that would let me enter the username string and entered the password in the Pre-Shared Key box. Is that alright?
In Peer identifier I selected Any.
This is the end of the logs, newest on top:
Dec 18 18:29:18 charon 11[IKE] <con2000|21> IKE_SA con2000 state change: CONNECTING => DESTROYING
Dec 18 18:29:18 charon 11[IKE] <con2000|21> no shared key found for 'egrghr_fbhgux' - 'hostname.blahblah.burkerking'
Dec 18 18:29:18 charon 11[IKE] <con2000|21> authentication of 'egrghr_fbhgux' (myself) with pre-shared key
No, it cannot use username+password authentication as an IPsec client.
skilledinept
Thanks for clearing that up!
You were specific though, does that mean it could use another method to authenticate then? Like Mutual RSA as IPsec client?
It depends on the context. pfSense can act as a "client" for site-to-site style connections using certificate-based auth, but it is not made to support a "mobile" or remote access style client setup where the server side sends configuration data such as the interface address to use.