Navigation

    Netgate Discussion Forum
    • Register
    • Login
    • Search
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search

    IKEv2 + Client Certs + Radius possible?

    IPsec
    2
    2
    593
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • B
      biogoon last edited by

      Hi all,

      Our current client VPN setup is OpenVPN through pfSense, with auth done through Radius (backed by active directory), and also with client cert matching turned on so the server makes sure the client has a valid cert with a cn that matches their username. This provides me with a nice level of comfort that someone has to have the client cert as well as the client username and password to try to get onto the system.

      For various reasons, we're looking at IKEv2 as an alternative to OpenVPN. I've searched, but haven't been able to find out if a similar configuration is possible with IKEv2 on pfSense as I have with OpenVPN. That is, I would like to use my radius servers for username/password as well as require a client cert with a matching cn. If that isn't possible, is using radius with certs only a possibility? I'd like to stick with radius, as even though we don't have much employee turnover, it's nice to have a central auth mechanism.

      Thanks much!

      1 Reply Last reply Reply Quote 0
      • jimp
        jimp Rebel Alliance Developer Netgate last edited by

        At the moment I don't believe that is possible. Last I saw, the code for IKEv2 with EAP in strongSwan only worked with users entered directly into the Pre-Shared Keys tab on IPsec.

        It's something we'd like to see working eventually though.

        Remember: Upvote with the 👍 button for any user/post you find to be helpful, informative, or deserving of recognition!

        Need help fast? Netgate Global Support!

        Do not Chat/PM for help!

        1 Reply Last reply Reply Quote 0
        • First post
          Last post

        Products

        • Platform Overview
        • TNSR
        • pfSense
        • Appliances

        Services

        • Training
        • Professional Services

        Support

        • Subscription Plans
        • Contact Support
        • Product Lifecycle
        • Documentation

        News

        • Media Coverage
        • Press
        • Events

        Resources

        • Blog
        • FAQ
        • Find a Partner
        • Resource Library
        • Security Information

        Company

        • About Us
        • Careers
        • Partners
        • Contact Us
        • Legal
        Our Mission

        We provide leading-edge network security at a fair price - regardless of organizational size or network sophistication. We believe that an open-source security model offers disruptive pricing along with the agility required to quickly address emerging threats.

        Subscribe to our Newsletter

        Product information, software announcements, and special offers. See our newsletter archive to sign up for future newsletters and to read past announcements.

        © 2021 Rubicon Communications, LLC | Privacy Policy