IPSec: peers_certfile

  • Hi there,

    I am in the process of testing an IPsec tunnel with pfSense on one endpoint and a Linux system on the other end.

    This seems to work just fine when using pre-shared keys, but I need to make use of x509 certificates.

    I worked my way through the LARTC howto on this subject and it seems to work just fine with 2 Linux systems on both ends.

    Relevant part in the racoon.conf seems to be:

    my_identifier asn1dn;
    peers_identifier asn1dn;

    certificate_type x509 "sentry.public" "sentry.private";

    peers_certfile "bilbo.public";

    When I try to duplicate this setup with pfSense 2.0 I run into trouble: I cannot find a place to set up the peer's public key.


  • My setup had some errors... wrong path to cert files... wrong cert type for peer...

    Now it works and I am even more flabbergasted :S

    Why does it work? As far as I can tell the pfSense box does not have the other's public key!
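    The question above (how the pfSense end can authenticate a peer whose certificate it has never been given) comes down to how X.509 authentication works in IKE: each side sends its own certificate in a CERT payload during the exchange, and the receiver chain-validates that certificate against a CA it trusts, so a copy of the peer's public key on disk is only needed when you want to pin one specific certificate (racoon's `peers_certfile`). The script below is an added illustration, not code from the thread or from pfSense/racoon: it builds a throwaway CA (constructed name "demo-ca"), issues certificates to the two endpoint names used in the thread, and shows that a verifier holding only the CA certificate accepts the genuine peer certificate and rejects a self-signed one that carries the same name.

```shell
#!/bin/sh
# Added example, not from the original thread: demonstrates that a verifier
# holding only the CA certificate can authenticate a peer certificate it has
# never seen before (the model IKE uses with CERT payloads).
set -e
WORK="$(mktemp -d)"
cd "$WORK"

# Constructed demo CA; file names (ca.key, ca.pem) are assumptions for this example.
openssl req -x509 -newkey rsa:2048 -nodes -days 2 \
  -subj "/CN=demo-ca" -keyout ca.key -out ca.pem >/dev/null 2>&1

# issue_cert NAME: private key plus CA-signed certificate for one tunnel endpoint.
issue_cert() {
  openssl req -newkey rsa:2048 -nodes -subj "/CN=$1" \
    -keyout "$1.key" -out "$1.csr" >/dev/null 2>&1
  openssl x509 -req -in "$1.csr" -CA ca.pem -CAkey ca.key -CAcreateserial \
    -days 2 -out "$1.pem" >/dev/null 2>&1
}
issue_cert sentry   # the Linux end from the thread
issue_cert bilbo    # the peer whose certificate pfSense "does not have"

# An impostor: self-signed, same subject name as bilbo, but not signed by our CA.
openssl req -x509 -newkey rsa:2048 -nodes -days 2 \
  -subj "/CN=bilbo" -keyout rogue.key -out rogue.pem >/dev/null 2>&1

# verify_peer CERT: what the responder does with the certificate it receives
# in the IKE exchange. It only consults the trusted CA (ca.pem); it never needs
# a pre-installed copy of the peer's certificate. Prints OK or FAIL.
verify_peer() {
  if openssl verify -CAfile ca.pem "$1" >/dev/null 2>&1; then
    echo OK
  else
    echo FAIL
  fi
}

echo "genuine bilbo: $(verify_peer bilbo.pem)"   # OK
echo "rogue bilbo:   $(verify_peer rogue.pem)"   # FAIL
```

    In racoon terms this corresponds to trusting the CA with `ca_type x509 "ca.pem";` and leaving `verify_cert on;`, with no `peers_certfile` line; `peers_certfile` is the extra step that pins one particular certificate instead of accepting anything the CA signed. The check worth doing on the pfSense side is therefore which CAs it trusts and what identifier it requires the peer to present, since any certificate issued by a trusted CA would otherwise pass the signature check.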

