Navigation

    Netgate Discussion Forum
    • Register
    • Login
    • Search
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search

    Pre-shared Keys, IPSec and Windows

    IPsec
    1
    1
    108
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • W
      wdtj last edited by

      I've just crossed the last hurtle in a three day effort to set up pfSense, IPSec, and Windows 10 native IPSec.

      The last issue I ran into was that I kept getting a Windows Security dialog saying my user name or password is incorrect.

      The issue was that I used the pfSense user dialog to set up a "IPsec Pre-Shared Key". This apparently creates key type of PSK (at least according to IPSec/Pre-Shared Keys. According to https://docs.netgate.com/pfsense/en/latest/vpn/ipsec/configuring-an-ipsec-remote-access-mobile-vpn-using-ikev2-with-eap-mschapv2.html, I need to set up a Secret Type of EAP.

      In the end, I had to set up a separate EAP pre-shared key with the users email address and password. This is going to be interesting to maintain logistically.

      Questions:
      Is there a requirement that EAP use "either an IP address, fully qualified domain name or an e-mail address"?
      Why is it a requirement that we use EAP vs PSK keys. Is this due to using EAP-MSChapv2?
      Can the User dialog be changed to create either a EAP or PSK key?

      1 Reply Last reply Reply Quote 0
      • First post
        Last post