Netgate Discussion Forum

    Can pfSense tunnel as IKEv2 client?

    IPsec
    • senseivita

      I gave it a go now that it has support for VTI but I need to authenticate using username+password and authentication fails. :/

      For My identifier I tried all that would let me enter the username string and entered the password in the Pre-Shared Key box. Is that alright?

      In Peer identifier I selected Any.

      This is the end of the logs, newest on top:

      Dec 18 18:29:18 charon 11[IKE] <con2000|21> IKE_SA con2000[21] state change: CONNECTING => DESTROYING
      Dec 18 18:29:18 charon 11[IKE] <con2000|21> no shared key found for 'egrghr_fbhgux' - 'hostname.blahblah.burkerking'
      Dec 18 18:29:18 charon 11[IKE] <con2000|21> authentication of 'egrghr_fbhgux' (myself) with pre-shared key

      Missing something? Word endings, maybe? I included a free puzzle in this msg if you solv--okay, I'm lying. It's dyslexia, makes me do that, sorry! Just finish the word; they're rarely misspelled, just incomplete. Yeah-yeah-I know. Same thing.

      • jimp Rebel Alliance Developer Netgate

        No, it cannot use username+password authentication as an IPsec client.

        Remember: Upvote with the 👍 button for any user/post you find to be helpful, informative, or deserving of recognition!

        Need help fast? Netgate Global Support!

        Do not Chat/PM for help!

        • senseivita

          Thanks for clearing that up!

          You were specific though, does that mean it could use another method to authenticate then? Like Mutual RSA as IPsec client? 🤞🏼

          • jimp Rebel Alliance Developer Netgate

            It depends on the context. pfSense can act as a "client" for site-to-site style connections using certificate-based auth, but it is not made to support a "mobile" or remote access style client setup where the server side sends configuration data such as the interface address to use.

            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.