Windows 10 IKEv2 TLS Dialin
-
Hi,
I have followed the guide here and in the client I am getting "IKE authentication credentials are unacceptable" and in Event Viewer "The user SYSTEM dialed a connection named XYZ which has failed. The error code returned on failure is 13801"
I've been over the guide triple checking everything (including importing the right certs to a computer) but can't get it working.
This error comes up pretty much instantaneously.
The pfSense hostname is: pfSense.localdomain (it's standalone)
The VPN address in public DNS is: vpn.domain.net
CN on Server Cert is: vpn.domain.net
SAN on Server Cert is: vpn.domain.net and WAN IP Address
CN on User Cert is: hostname of client PC
SAN on User Cert is: hostname of client PC
Phase 1 'My Id' is: Distinguished name = vpn.domain.net
Everything else is as per the guide.
What am I missing?
Thanks
-
Don't know what I did, but I reverted to a previous backup from before starting this config and did everything all over again, and it works now.
-
Just as an update, this is working well now.
However, when RDPing to computers we get a warning that the Revocation check for our cert couldn't be completed. So I created a CRL in pfSense, exported it and imported it to computers and the warning has gone away.
However, on the CRL page it shows an X in the 'In Use' column for the CRL. Do I need to force this on the IPsec Mobile Client VPN? Or does X indicate it is in use?!!!
Thanks again :)