I am in the process of testing an IPsec tunnel with pfSense on one endpoint and a Linux system on the other end.
This seems to work just fine when using pre-shared keys, but I need to make use of x509 certificates.
I worked my way through the LARTC howto on this subject and it seems to work just fine with 2 Linux systems on both ends.
Relevant part in the racoon.conf seems to be:
certificate_type x509 "sentry.public" "sentry.private";
When I try to duplicate this setup with pfSense 2.0 I run into trouble: I cannot find a place to set up the peer's public key.
My setup had some errors... wrong path to cert files... wrong cert type for peer...
Now it works and I am even more flabbergasted :S
Why does it work? As far as I can tell the pfSense box does not have the other's public key!
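For reference, an added racoon.conf fragment (not from the original post) showing the directives that make the peer's certificate arrive during IKE itself: with RSA-signature authentication each side sends its own certificate in a CERT payload, and the receiver validates it against the configured CA rather than against a pre-installed copy of the peer's public key. The peer address 192.0.2.2, the path /etc/racoon/certs and the file name ca.crt are assumed placeholders; the "sentry.public" / "sentry.private" names are the ones from the post.

```conf
# Added example, not the poster's config. Assumed values: peer 192.0.2.2,
# cert directory /etc/racoon/certs, CA file ca.crt.
path certificate "/etc/racoon/certs";

remote 192.0.2.2 {
    exchange_mode main;

    # Our own certificate and private key (names taken from the post).
    certificate_type x509 "sentry.public" "sentry.private";

    # CA that must have signed the certificate the peer sends us.
    # Without this, verify_cert has nothing trustworthy to check against.
    ca_type x509 "ca.crt";

    # Send our certificate in the IKE exchange and require the peer's
    # to validate. This is why no copy of the peer's public key is needed
    # locally: it travels inside the IKE CERT payload.
    send_cert on;
    send_cr on;
    verify_cert on;

    # Identify both ends by certificate subject DN and insist that the
    # peer's claimed ID matches the DN in the certificate it presented.
    my_identifier asn1dn;
    peers_identifier asn1dn;
    verify_identifier on;

    proposal {
        encryption_algorithm aes;
        hash_algorithm sha1;
        authentication_method rsasig;
        dh_group modp2048;
    }
}
```

If verify_cert is left off, racoon will accept any certificate the peer offers, so a working tunnel alone is not evidence that the peer was actually authenticated; check that the CA file is present and that the log shows the peer certificate being validated.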