How to translate ipsec client options
-
Hello,
I am currently testing against a 2.0.3 firewall in a VMware environment.
I support Macintosh and Windows clients here at my office. I am trying to set up a reliable road-warrior IPsec VPN. I am having trouble with it, but I will leave that for another post.
I am looking at more than two different VPN clients.
The first one is the Shrew Soft 2.2.2 (free) client for Windows. I see in its options bits like:
- general options: auto configuration
- ike config pull/push
- dhcp over ipsec
The second one is the MacOS 10.8 VPN (Cisco IPsec).
Additional clients include Android and iPhone (iOS?).
How do I figure out what the options mean and whether they map to pfSense's IPsec settings? Or, in the case of the Macintosh, what settings to use on pfSense? (For instance, Mutual PSK + Xauth?)
I have been digging through the pfSense docs and wiki site. I am looking to find how much pfSense IPsec conforms to what the IETF calls 'IPsec'.
Are there certain minimum settings that most, if not all, IPsec clients will conform to?
I also noticed that the pfSense IPsec settings (appear to) only allow ONE set of phase 1 settings for mobile clients. Is there a way to specify more than one in case there are no commonalities between the two mentioned clients?
Thank you for reading through my post.
–jason
-
I have had some traction on this, and I will post my results shortly…
--jason
-
The settings for mobile IPsec on the wiki have been confirmed to work on every platform you mention: Windows via Shrew Soft, OS X's built-in client, iOS, and Android (and others).
There are some client notes on the wiki but the most complete source of information will be the updated official pfSense book for 2.1 that will be coming out soon. It has a walk-through for configuring most of those clients, if not all of them.