@eskild:

ipsec is unable to read the private key.

with ipsec listcerts you should see a line like
  pubkey:    RSA 4096 bits**, has private key**

If that's not the case, try the following commands
ipsec rereadall
ipsec restart (restart not reload!)

What's the output of ipsec listcerts ?

I had the same issue with pfSense 2.2 after creating a CA and a certificate (annoyingly, StrongSwan apparently does not and will not support wildcard certs).  IPSec log when I connect:

charon: 05[IKE] no private key found for 'C=US, ST=Illinois, L=Naperville, O=ITS Inc, E=support@example.com, CN=router1.example.net'

ipsec listcerts output:

List of X.509 End Entity Certificates:

subject:  "C=US, ST=Illinois, L=Naperville, O=ITS Inc, E=support@example.com, CN=router1.example.net"
  issuer:  "C=US, ST=Illinois, L=Naperville, O=ITS Inc, E=support@example.com, CN=router1-ca"
  serial:    02
  validity:  not before Mar 17 23:10:33 2015, ok
            not after  Mar 14 23:10:33 2025, ok
  pubkey:    RSA 2048 bits
  keyid:    xxxx
  subjkey:  xxxx
  xxxx

$ ipsec restart
Stopping strongSwan IPsec…
Starting strongSwan 5.2.1 IPsec [starter]…
no netkey IPsec stack detected
no KLIPS IPsec stack detected
no known IPsec stack detected, ignoring!

After those commands, I get "pubkey:    RSA 2048 bits, has private key".  Unfortunately despite that, I still get error 13801 from Windows when using the common name or IP address.

ipsec is unable to read the private key.

with ipsec listcerts you should see a line like
  pubkey:    RSA 4096 bits**, has private key**

If that's not the case, try the following commands
ipsec rereadall
ipsec restart (restart not reload!)

What's the output of ipsec listcerts ?

Yes, seems that the IPSec phase 1 identifier must match both the server-cert CN and a SAN DNS entry.

The problem in my case is when creating both entries in the server-cert, ipsec is unable to read the private key.

When I made mine, I used the hostname of the firewall for the CN and the IP address for a SAN. That was good enough.

The problem in my case is when creating both entries in the server-cert, ipsec is unable to read the private key.

I have tried to configure EAP-TLS according to the guide, but using DNS instead of IP for SAN in server-cert.
But when using a server-cert generated with SAN DNS=site.domain.com, I see the following in the pfsense log:
charon: 14[IKE] no private key found for 'C=NO, ST=Area, L=City, O=Org, E=user@domain.com, CN=site.domain.com'

I have tried without the SAN conf in the server-cert, but then the client complains over the identity.

I believe I saw that when the identifier entered for the IPsec Phase 1 did not match the CN of the certificate.

I have tried without the SAN conf in the server-cert, but then the client complains over the identity.

The client is StrongSwan on android.

Any idea what might be wrong in my setup?

Jan 21 22:15:23 	charon: 14[NET] sending packet: from yyy.yyy.yyy.yyy[4500] to 77.16.3.108[55904] (80 bytes)
Jan 21 22:15:23 	charon: 14[ENC] generating IKE_AUTH response 1 [ N(AUTH_FAILED) ]
Jan 21 22:15:23 	charon: 14[IKE] no private key found for 'C=NO, ST=Area, L=City, O=Org, E=user@domain.com, CN=site.domain.com'
Jan 21 22:15:23 	charon: 14[IKE] <con2|50>no private key found for 'C=NO, ST=Area, L=City, O=Org, E=user@domain.com, CN=site.domain.com'
Jan 21 22:15:23 	charon: 14[IKE] peer supports MOBIKE
Jan 21 22:15:23 	charon: 14[IKE] <con2|50>peer supports MOBIKE
Jan 21 22:15:23 	charon: 14[IKE] received ESP_TFC_PADDING_NOT_SUPPORTED, not using ESPv3 TFC padding
Jan 21 22:15:23 	charon: 14[IKE] <con2|50>received ESP_TFC_PADDING_NOT_SUPPORTED, not using ESPv3 TFC padding
Jan 21 22:15:23 	charon: 14[IKE] initiating EAP_IDENTITY method (id 0x00)
Jan 21 22:15:23 	charon: 14[IKE] <con2|50>initiating EAP_IDENTITY method (id 0x00)
Jan 21 22:15:23 	charon: 14[CFG] selected peer config 'con2'
Jan 21 22:15:23 	charon: 14[CFG] looking for peer configs matching yyy.yyy.yyy.yyy[%any]...77.16.3.108[C=NO, ST=Area, L=City, O=Org, E=user@domain.com, CN=eskild]
Jan 21 22:15:23 	charon: 14[IKE] received cert request for "C=NO, ST=Area, L=City, O=Org, E=user@domain.com, CN=internal-ca"
Jan 21 22:15:23 	charon: 14[IKE] <50> received cert request for "C=NO, ST=Area, L=City, O=Org, E=user@domain.com, CN=internal-ca"
Jan 21 22:15:23 	charon: 14[ENC] parsed IKE_AUTH request 1 [ IDi N(INIT_CONTACT) CERTREQ CPRQ(ADDR ADDR6 DNS DNS6) N(ESP_TFC_PAD_N) SA TSi TSr N(MOBIKE_SUP) N(NO_ADD_ADDR) N(MULT_AUTH) N(EAP_ONLY) ]
Jan 21 22:15:23 	charon: 14[NET] received packet: from 77.16.3.108[55904] to yyy.yyy.yyy.yyy[4500] (656 bytes)
Jan 21 22:15:23 	charon: 14[NET] sending packet: from yyy.yyy.yyy.yyy[500] to 77.16.3.108[48693] (385 bytes)
Jan 21 22:15:23 	charon: 14[ENC] generating IKE_SA_INIT response 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) CERTREQ N(FRAG_SUP) N(MULT_AUTH) ]
Jan 21 22:15:23 	charon: 14[IKE] sending cert request for "C=NO, ST=Area, L=City, O=Org, E=user@domain.com, CN=internal-ca"
Jan 21 22:15:23 	charon: 14[IKE] <50> sending cert request for "C=NO, ST=Area, L=City, O=Org, E=user@domain.com, CN=internal-ca"
Jan 21 22:15:23 	charon: 14[IKE] sending cert request for "C=NO, ST=Area, L=City, O=Org, E=user@domain.com, CN=GuestCa"
Jan 21 22:15:23 	charon: 14[IKE] <50> sending cert request for "C=NO, ST=Area, L=City, O=Org, E=user@domain.com, CN=GuestCa"
Jan 21 22:15:23 	charon: 14[IKE] sending cert request for "C=NO, ST=Area, L=City, O=Org, E=user@domain.com, CN=internal-bkp-ca"
Jan 21 22:15:23 	charon: 14[IKE] <50> sending cert request for "C=NO, ST=Area, L=City, O=Org, E=user@domain.com, CN=internal-bkp-ca"
Jan 21 22:15:23 	charon: 14[IKE] remote host is behind NAT
Jan 21 22:15:23 	charon: 14[IKE] <50> remote host is behind NAT
Jan 21 22:15:23 	charon: 14[IKE] 77.16.3.108 is initiating an IKE_SA
Jan 21 22:15:23 	charon: 14[IKE] <50> 77.16.3.108 is initiating an IKE_SA
Jan 21 22:15:23 	charon: 14[ENC] parsed IKE_SA_INIT request 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) N(FRAG_SUP) ]
Jan 21 22:15:23 	charon: 14[NET] received packet: from 77.16.3.108[48693] to yyy.yyy.yyy.yyy[500] (868 bytes)
Jan 21 22:15:23 	charon: 09[NET] sending packet: from yyy.yyy.yyy.yyy[500] to 77.16.3.108[48693] (38 bytes)
Jan 21 22:15:23 	charon: 09[ENC] generating IKE_SA_INIT response 0 [ N(INVAL_KE) ]
Jan 21 22:15:23 	charon: 09[IKE] DH group MODP_2048 inacceptable, requesting MODP_1024
Jan 21 22:15:23 	charon: 09[IKE] <49> DH group MODP_2048 inacceptable, requesting MODP_1024
Jan 21 22:15:23 	charon: 09[IKE] remote host is behind NAT
Jan 21 22:15:23 	charon: 09[IKE] <49> remote host is behind NAT
Jan 21 22:15:23 	charon: 09[IKE] 77.16.3.108 is initiating an IKE_SA
Jan 21 22:15:23 	charon: 09[IKE] <49> 77.16.3.108 is initiating an IKE_SA
Jan 21 22:15:23 	charon: 09[ENC] parsed IKE_SA_INIT request 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) N(FRAG_SUP) ]
Jan 21 22:15:23 	charon: 09[NET] received packet: from 77.16.3.108[48693] to yyy.yyy.yyy.yyy[500] (996 bytes)</con2|50></con2|50></con2|50></con2|50> 

I'm using the DNS name of my pfSense as SAN, not my IP, but I think that should work too.

Yes that should work as long as the identifier set on the IPsec Phase 1 matches the CN of the cert the client should be able to use either the CN or a SAN to connect. Though even that check can be disabled on the client side with some of the advanced options I believe, it's better to have it enabled.

@hege:

In P2 PFS 2 / additional hash and encryoption algorithms are also possible.

Yes, I expect several more combinations to work, I just wanted to document one that was specifically known to work and was reasonably secure. We can add more known-good combinations to the list as they are found.

@hege:

You also have to import the cert to the User store, not the Machine store, if you want to use the machine store, you have to change your connection (not tested, verified):

Set Authentication / Use machine certificates

I didn't get it working with Machine Certificates, but using it in the local user store I was able to get it running fine so long as I had the CN also as a DNS type SAN. I adjusted the docs to reflect that.

Type: Network
Address: 0.0.0.0/0

That lets all traffic pass through the VPN including Internet traffic.

I tried unchecking the "Provide a list of accessible networks to clients" box in the Mobile clients config page but it still isn't working.  Ideas?

I'm using the DNS name of my pfSense as SAN, not my IP, but I think that should work too.

In P2 PFS 2 / additional hash and encryoption algorithms are also possible.

You also have to import the cert to the User store, not the Machine store, if you want to use the machine store, you have to change your connection (not tested, verified):

Set Authentication / Use machine certificates

https://doc.pfsense.org/index.php/IKEv2_with_EAP-MSCHAPv2

And then adapted it for EAP-TLS also:

https://doc.pfsense.org/index.php/IKEv2_with_EAP-TLS

Everything look OK?
I haven't had a chance to properly/fully test the EAP-TLS path, first try the server rejected the cert, which means I probably didn't have the SAN bits right. Will try again tomorrow.

I'll try out EAP-TLS and make a doc for that, too, once I get it running.

EAP-TLS on pfSense:
different authentication method
no need for preshared key

EAP-TLS Windows:
Import the client cert as in your description (cert must have the CN as SAN value)
Authentification:
  Microsoft: Smart Card or other certificate
Properties
  Use a certificate on this computer
    Advanced
      Certificate Issuer
          Choose your imported CA Certificate
        Extended Key Usage
          Client Authentification
    Verify the servers identity by validating the certificate
    Connect to these servers
          pfSense host (same as in CN)
          Trusted Root Certificate Authorities
              Choose your imported CA Certificate
    Uncheck: Use a different user name for the connection

https://doc.pfsense.org/index.php/IKEv2_with_EAP-MSCHAPv2

Comments/additions/suggestions welcome, of course.

I could do one for EAP-TLS as well if someone notes more specifically what the differences are with the configuration on both sides.

I guess user@domain needs to be input on the WP8.1 VPN client configuration side? Is that the case hege?

Yes, I am using the users e-mail as the identifier, that is very easy and avoids additional support cases. ("what is my username?")….

In my previous test configuration I also had to write "Windows Phone\user" to ipsec.secrets like wta mentioned. I guess user@domain needs to be input on the WP8.1 VPN client configuration side? Is that the case hege?

I apologise for the delay, as I have been travelling. I am not currently able to test the latest snapshot due to other commitments, but should be able to do so within the next three weeks.

Thanks

Gui Description:  :)
Identifier
This can be either an IP address, fully qualified domain name or an e-mail address.

Edit:

EAP-TLS now working

Cert requirements,

• Full trust of chain (Root CA have to be installed on the client)

• pfSense Server Cert needs the EKU "Server Authentification", also the FQDN in the Subject Alternative Names

• pfSense Client Cert needs the EKU "Client Authentification", also the CN name as a FQDN in the SAN

I struggled hours to get this to work. So that no one else does the same mistakes, here are everything I did wrong. First, I accidently used an old certificate generated - I believe for OpenVPN - a long time ago. Problem with this one was that it was a client certificate so it didn't include the needed EKU. After generating a proper server cert (and with my pfSense box DynDNS name in Alternate Names) I finally managed to get IPSec to work with my Android tablet using strongSwan client.

At this point my WP8.1 phone nor Windows 8 PC still didn't want to connect. This time the problem was that although I had installed the server cert so that Win8/WP8 would trust it, I hadn't installed CA root cert which is also required, as stated in http://technet.microsoft.com/en-us/library/dd941612%28v=ws.10%29.aspx. After installing the root cert in the Trusted Root Certification Authorities per-computer certificate store (very important it's exactly this one) Win8 PC finally connected.

With WP8 I stumbled a small problem, though. Whereas Win8 PC reports the configured identifier properly (let's call it user), my Lumia prefixes it with Windows Phone so pfSense sees it as Windows Phone\user. This would require identifier to be in ipsec.secrets as in "Windows Phone\user" : EAP password. However, pfSense GUI doesn't allow spaces, backslashes or quotation marks to be included in identifiers. If I manually add the above line in ipsec.secrets and reload it, connection works also with WP8. Configuration is overwritten quite often automatically, though, so this workaroung doesn't work for very long.

Would it be difficult to make the inclusion of _Windows Phone_ possible in key identifiers? Or is there another way to do this?

Again, thank you everyone who has been involved in this!

The pfSense vpn cert need at least this EKU: 1.3.6.1.5.5.7.3.1

To confirm/clarify, that EKU is "TLS Web server authentication" which is added to the cert when "Server Certificate" is chosen in the pfSense GUI.

I would say, eap-mschapv2 is now fully implemented, working and tested.

Needed Win 8 Client config:

Security: IKEv2
Data encryption: Require encryption
Authentication
Use EAP Microsoft: Secured password (EAP-MSCHAP v2)

The pfSense vpn cert need at least this EKU: 1.3.6.1.5.5.7.3.1
Also the vpn cert used by pfSense has to be accepted by the Win 8 machine (full trust of chain)

@kathode I think you have to say "Thank you ermal!"  :D

this has been merged into 2.2 as well.

Done it was just forgotten.
Test it and let me know.

The link to the private key has to be in ipsec.secrets (not only eap-mschapv2)
" : RSA /var/etc/ipsec/ipsec.d/private/cert-3.key"

(space at start)
https://wiki.strongswan.org/projects/strongswan/wiki/RsaSecret

I applied your patch, added the RSA key to the ipsec.secrets, and used this commands:
ipsec rereadall
ipsec reload

eap-mschapv2 WORKING on Win 8.1 Pro and Windows Phone 8.1!
Config:
Phase1: AES256/SHA1/DH2
Phase2: AES256/SHA1/PFS