Pre-shared Keys, IPSec and Windows
-
I've just crossed the last hurdle in a three-day effort to set up pfSense, IPSec, and Windows 10 native IPSec.
The last issue I ran into was that I kept getting a Windows Security dialog saying my user name or password is incorrect.
The issue was that I used the pfSense user dialog to set up an "IPsec Pre-Shared Key". This apparently creates a key type of PSK (at least according to IPSec/Pre-Shared Keys). According to https://docs.netgate.com/pfsense/en/latest/vpn/ipsec/configuring-an-ipsec-remote-access-mobile-vpn-using-ikev2-with-eap-mschapv2.html, I need to set up a Secret Type of EAP.
In the end, I had to set up a separate EAP pre-shared key with the user's email address and password. This is going to be interesting to maintain logistically.
Questions:
Is there a requirement that EAP use "either an IP address, fully qualified domain name or an e-mail address"?
Why is it a requirement that we use EAP vs PSK keys? Is this due to using EAP-MSChapv2?
Can the User dialog be changed to create either an EAP or PSK key?