IPSEC mobile AUTHENTICATE

Yazur

This post is deleted!

Yazur

Further information :

I had misunderstood the term "Local Database", I thought it was equal to "pre-shared keys" when it was not at all.

So I tried to connect with a local user at pfsense and it doesn't work either.

Only pre-shared key authentication works.

On the other hand when I try to authenticate in the "Diagnostics --> Authentication" tab it works well for both methods "Local and Radius".

There is also another notion that I think I misunderstood:

In the creation of the pfsense certificate I mention in SAN the DNS name of my pfsense "PfsenseMASTER_OVH.lgdd.local" and in IP address "Public WAN IP".

But I authenticate my VPN clients with the public IP address rather than the DNS name.
In the P1 configuration of the tunnel, I also mention this IP address in "My login".

Why do I do this?

Well for me it is impossible for a client to resolve the DNS name "PfsenseMASTER_OVH.lgdd.local" because it is not known to the internet.
Whereas the public IP is reachable from the internet.

I see in all the tutorials that you have to put the DNS name but in my opinion it can't work.

Can you explain me, if I'm wrong?

Yazur

"Leftauth" c'est bien pour l'authentification en local?

La valeur pubkey est-elle bonne?