Netgate Discussion Forum

    IKEv2 + Client Certs + Radius possible?

      biogoon

      Hi all,

      Our current client VPN setup is OpenVPN through pfSense, with auth done through RADIUS (backed by Active Directory), and also with client cert matching turned on so the server makes sure the client has a valid cert with a CN that matches their username. This provides me with a nice level of comfort that someone has to have the client cert as well as the client username and password to try to get onto the system.

      For various reasons, we're looking at IKEv2 as an alternative to OpenVPN. I've searched, but haven't been able to find out if a similar configuration is possible with IKEv2 on pfSense as I have with OpenVPN. That is, I would like to use my RADIUS servers for username/password as well as require a client cert with a matching CN. If that isn't possible, is using RADIUS with certs only a possibility? I'd like to stick with RADIUS, as even though we don't have much employee turnover, it's nice to have a central auth mechanism.

      Thanks much!

        jimp Rebel Alliance Developer Netgate

        At the moment I don't believe that is possible. Last I saw, the code for IKEv2 with EAP in strongSwan only worked with users entered directly into the Pre-Shared Keys tab on IPsec.

        It's something we'd like to see working eventually though.
