    Domain Name - Required Endpoint ID

    IPsec
    • S
      Skirmish last edited by

      Sorry if this has been answered but I've searched around with no luck.

      I'm trying to set up an IPSEC tunnel between pfsense and a snapgear using DNS identification. The problem I'm having is that the snapgears have a field "required endpoint id" for a DNS IPSEC tunnel which must be filled.
      I can't find a relevant field anywhere on PFSense which means… that I can't use DNS IPSEC tunnels :P. I've tried manually removing the relevant lines in the snap's configuration files, which seems to give the tiniest bit of success - ISAKMP-SA established then deleted within around 50 seconds.

      I'd really prefer to have DNS based IPSECS, has anyone else had this issue?

      • jimp
        jimp Rebel Alliance Developer Netgate last edited by

        You can use DNS hostnames in the field for the peer address, but perhaps you are looking for the "My Identifier" field. You can set that to "Domain Name" or "User FQDN" and enter a hostname or domain in the box.

        Remember: Upvote with the 👍 button for any user/post you find to be helpful, informative, or deserving of recognition!

        Need help fast? Netgate Global Support!

        Do not Chat/PM for help!

        • S
          Skirmish last edited by

          Thanks for the reply jimp. Unfortunately the snapgear looks like it wants a piece of identifying information as well as the host's DNS name. I've seen a lot of people list an endpoint ID in the same format as an email address. This is the contents of the relevant config page on the device:

          Tunnel name:
          The remote party's DNS hostname:
          Required Endpoint ID:

          Best as I can tell, the "My Identifier" field is equivalent to the snapgear's "The remote party's DNS hostname" field. I hope I'm wrong, really! But I can't find a way to enter an Endpoint ID as well as the DNS hostname in pfsense ???

          • jimp
            jimp Rebel Alliance Developer Netgate last edited by

            I'm not sure what it wants then. There is only one "identifier" field to be set, and it's that field. If it's formatted like an e-mail address, that would be the "User FQDN" type.

            • S
              Skirmish last edited by

              Oh well, thanks for the effort jimp - very much appreciated.
