Phase 1 proposal (authentication) only Mutual Certificate/PSK available
-
I have an SG-1100, operating on 23.01. I am trying to clone my existing VPNs from two other configured and working installations, and when I start setting up phase 1 authentication, my only two options are Mutual certificate and Mutual PSK. On my other two appliances I have many other options.
I am almost certain this is operator error, but what exactly do I need to do to enable the rest of the options? I have seen this question posted a few places and there is never any answer. I have restored the SG-1100 to factory settings a few times, installed the patches package and installed recommended patches.
-
Site-to-site tunnels are only Mutual certificate or PSK.
A mobile IPsec tunnel can use more/different authentication options but you can only have one mobile tunnel.
The one you are trying to copy might be a mobile setup, which is a bit different to set up than site-to-site. You have to enable it on the mobile tab and create the P1 using the button it will offer you once that's enabled.
See https://docs.netgate.com/pfsense/en/latest/recipes/ipsec-mobile-ikev2-eap-mschapv2.html for a whole walk-through.
-
@jimp That actually makes a lot of sense; I am setting up a mobile VPN to my other house.
I will give it a try this afternoon when I am back in front of the Netgate device and report back.
Thank you for the assist.
-
@jimp Thank you sir, that did the trick. After I set up mobile config, applied settings and saved, the authentication fields appeared.
Much appreciate the assist, sir.