IPsec Profile Wizard v. 1.1_1
-
@jimp Excellent - will git it a spin :-)
I wish you could “persuade” netgate to include the multiple IP pools option for IPSec mobile warriors in 23.01.
I find it so dissapointing you still cannot create separate Firewall rules for groups of VPN users….
I developed my own fix more than half a year ago, but it’s a loosing game explaining to costumers that pfSense cannot do this - unless I create a unsupported tweak.https://forum.netgate.com/topic/172476/a-guide-to-assign-vpn-group-and-user-ip-pool-from-radius-in-22-01-2-6
Here’s the corresponding redmine:
https://redmine.pfsense.org/issues/13227
-
That's all unrelated to this package, so it doesn't belong in this thread.
And it's too late for any other features to get into 23.01.
Remember: Upvote with the 👍 button for any user/post you find to be helpful, informative, or deserving of recognition!
Need help fast? Netgate Global Support!
Do not Chat/PM for help!
-
@jimp Have you tried an iPhone / iPad, if I download it to my get a Invalid Profile error?
Same with MacOS 12.6.3, pre 1.1 it imported fine.
-
@nogbadthebad said in IPsec Profile Wizard v. 1.1:
@jimp Have you tried an iPhone / iPad, if I download it to my get a Invalid Profile error?
Same with MacOS 12.6.3, pre 1.1 it imported fine.
I don't have any current iOS devices to test against.
What kind of VPN setup do you have (IKEv1 or v2, auth type, P1/P2 settings)? It might be a variation I didn't have available to test.
I was following the latest recommendations from the Apple profile docs, and it works fine on macOS with the setups I tried.
Remember: Upvote with the 👍 button for any user/post you find to be helpful, informative, or deserving of recognition!
Need help fast? Netgate Global Support!
Do not Chat/PM for help!
-
-
This post is deleted! -
@nogbadthebad said in IPsec Profile Wizard v. 1.1:
EAP-RADIUS Auth
If you have a copy of an old profile around, can you do a diff between the old and new profile to see what is different?
I have an idea of what might be the issue here but I haven't confirmed it yet.
-
OK I found the problem. It was inserting
<external>into the profile for the username, which isn't valid since it looks like a tag in a profile. Not sure why it worked for my client when I tested it unless I had manually set a username somewhere.I have a couple changes coming which will address that, not only by not using that string in the profile but also showing a field in this case where you can enter in whatever username you want to put in the profile. I'll have that up later today.
-
The updated package should be available now (v. 1.1_1)
Remember: Upvote with the 👍 button for any user/post you find to be helpful, informative, or deserving of recognition!
Need help fast? Netgate Global Support!
Do not Chat/PM for help!
-
@jimp Works fine on MacOS & IOS now
