Any way to manually create multiple Mobile IPSEC configs outside the GUI?



  • I have already read a post not too far down the list that states that it is not possible to do this (at least in the supported GUI fashion), however I am just asking if anyone has actually, via shell commands or some other means of magic ninja powers, created such a config that persists between restarts using something along the lines of shellcmd or other utilities? We can migrate all of our clients to use OpenVPN, however we would be much happier to not have to do this.

    We have different companies connecting to different subnets and AD domains that are hosted in our data center.  Was hoping beyond that I would not have to expend exorbitant amounts of cash on a Cisco ASA 5525 just for this function.  Much to our delight, so far the hardware we are running pfSense 2.1.2 on is performing up to par with our old 5520 and is doing everything we need it to with this one exception.

    Any ideas, pointers, or even flames would be appreciated (especially the flames - I really look forward to those :).

    • B


  • I haven't done this so far, but in theory it should be possible. Until now I have had no time to get deeper into this topic. I think racoon is capable of this.

    Just a thought:
    Take a look into the racoon.conf and search for the part with your current mobile client configuration. Duplicate it and modify the corresponding config.

    Problem:
    Restarting racoon ends up in the "gui" configuration (at least in my last test with modifying by hand).

    For persistent changes, the Filer package could be an option?!