Roadwarrior setup: IKEv2, mutual certificate authentication and provisioning with Apple Configurator
I want to implement an IKEv2 roadwarrior setup with mutual certificate authentication to access my home network from iOS and macOS devices.
I would do the following:
Create a Let's Encrypt server certificate for the server side with the name as configured in DNS.
On the pfSense I also have a CA. I create one client certificate for each of my clients and sign these using my own CA.
When connecting, the client presents a client certificate which pfSense can validate against its own CA, while the server presents a certificate which the client can validate using a Let's Encrypt root certificate.
Should this work - generally speaking?
Has anyone around here ever successfully provisioned an IKEv2 profile to an iOS device with Apple Configurator? This tool is mentioned several times in the documentation; however, there is no step-by-step walkthrough for my intended setup.
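
For reference, the shape of a configuration profile for the setup described in the post, built with Python's `plistlib`. This is an added example, not part of the original post and not pfSense or Apple code; the host name, client identifier, payload identifier prefix and display names are placeholders, and the PKCS#12 bytes are constructed sample input.

```python
import plistlib
import uuid


def build_ikev2_profile(server_fqdn, client_id, p12_bytes, p12_password=None,
                        prefix="org.example.vpn"):
    """Return .mobileconfig bytes: a PKCS#12 identity payload plus an IKEv2 payload."""
    identity_uuid = str(uuid.uuid4()).upper()
    identity = {
        "PayloadType": "com.apple.security.pkcs12",
        "PayloadVersion": 1,
        "PayloadIdentifier": f"{prefix}.identity",
        "PayloadUUID": identity_uuid,
        "PayloadDisplayName": f"VPN client identity ({client_id})",
        "PayloadContent": p12_bytes,  # bytes are serialized as <data>
    }
    if p12_password is not None:
        # Embedding the password makes the file itself a credential; leaving
        # it out means the password is asked for when the profile is installed.
        identity["Password"] = p12_password
    vpn = {
        "PayloadType": "com.apple.vpn.managed",
        "PayloadVersion": 1,
        "PayloadIdentifier": f"{prefix}.ikev2",
        "PayloadUUID": str(uuid.uuid4()).upper(),
        "PayloadDisplayName": "Home VPN",
        "UserDefinedName": "Home VPN",
        "VPNType": "IKEv2",
        "IKEv2": {
            "RemoteAddress": server_fqdn,
            "RemoteIdentifier": server_fqdn,   # name in the server certificate
            "LocalIdentifier": client_id,      # assumed to match the client cert
            "AuthenticationMethod": "Certificate",
            "PayloadCertificateUUID": identity_uuid,  # ties VPN to the identity
            "ExtendedAuthEnabled": 0,          # certificate only, no EAP
        },
    }
    profile = {
        "PayloadType": "Configuration",
        "PayloadVersion": 1,
        "PayloadIdentifier": prefix,
        "PayloadUUID": str(uuid.uuid4()).upper(),
        "PayloadDisplayName": "Home VPN (IKEv2)",
        "PayloadContent": [identity, vpn],
    }
    return plistlib.dumps(profile)


# Constructed sample input: placeholder bytes, not a real PKCS#12 export.
SAMPLE = build_ikev2_profile("vpn.example.org", "iphone.example.org", b"\x30\x82placeholder")
```

The resulting file carries the client's private key, so it should be stored and transferred like any other credential.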