Windows 10 IKEv2 TLS Dialin
I have followed the guide here and in the client I am getting "IKE authentication credentials are unacceptable" and in Event Viewer "The user SYSTEM dialed a connection named XYZ which has failed. The error code returned on failure is 13801"
I've been over the guide triple checking everything (including importing the right certs to a computer) but can't get it working.
This error comes up pretty much instantaneously.
the pfSense hostname is: pfSense.localdomain (it's standalone)
The VPN address in public DNS is: vpn.domain.net
CN on Server Cert is: vpn.domain.net
SAN on Server Cert is: vpn.domain.net and WAN IP Address
CN on User Cert is: hostname of client PC
SAN on User Cert is: hostname of client PC
Phase 1 'My Id' is: Distinguished name = vpn.domain.net
Everything else is as per the guide.
What am I missing?
Don't know what I did but I reverted to a previous backup before starting this config. and did everything all over again and it works now.
Just as an update, this is working well now.
However, when RDPing to computers we get a warning that the Revocation check for our cert couldn't be completed. So I created a CRL in pfSense, exported it and imported it to computers and the warning has gone away.
However on the CRL page it shows an X for the 'In Use' column for the CRL. Do I need to force this on the IPsec Mobile Client VPN? OR does X indicate it is in-use?!!!
Thanks again :)