IPSEC mobile AUTHENTICATE

Yazur · Mar 27, 2020, 1:12 PM

This post is deleted!

Yazur · Mar 27, 2020, 10:13 AM

Further information :

I had misunderstood the term "Local Database", I thought it was equal to "pre-shared keys" when it was not at all.

So I tried to connect with a local user at pfsense and it doesn't work either.

Only pre-shared key authentication works.

On the other hand when I try to authenticate in the "Diagnostics --> Authentication" tab it works well for both methods "Local and Radius".

There is also another notion that I think I misunderstood:

In the creation of the pfsense certificate I mention in SAN the DNS name of my pfsense "PfsenseMASTER_OVH.lgdd.local" and in IP address "Public WAN IP".

But I authenticate my VPN clients with the public IP address rather than the DNS name.
In the P1 configuration of the tunnel, I also mention this IP address in "My login".

Why do I do this?

Well for me it is impossible for a client to resolve the DNS name "PfsenseMASTER_OVH.lgdd.local" because it is not known to the internet.
Whereas the public IP is reachable from the internet.

I see in all the tutorials that you have to put the DNS name but in my opinion it can't work.

Can you explain me, if I'm wrong?

Yazur · Mar 27, 2020, 10:26 AM

"Leftauth" c'est bien pour l'authentification en local?

La valeur pubkey est-elle bonne?