Netgate Discussion Forum

    IPsec IKE, HIP, pfSense

      jc2it

      Recently I have been researching Host Identity Protocol (HIP), and through the course of that research the question arose if pfSense could be a HIP endpoint. I believe it could pass it no problem, but I was curious. HIP uses IPsec IKE as part of its security platform. I started reading about it here and there seem to be many issues with it in conjunction with pfSense. Here are my questions:

      Has anyone installed HIP on pfSense?
      What was your procedure?
      What is the current status of IPsec IKE and pfSense 2.2.4?
      Would you recommend upgrading to 2.2.4 if you have VPN currently working?

        jc2it

        I checked the change logs and it appears that IPsec is a moving target right now.

        2.2.3
        https://doc.pfsense.org/index.php/2.2.3_New_Features_and_Changes
        2.2.4
        https://doc.pfsense.org/index.php/2.2.4_New_Features_and_Changes
        2.2.5
        https://doc.pfsense.org/index.php/2.2.5_New_Features_and_Changes

        Also, this page was modified recently. But I don't see anything that specifically refers to the latest versions.
        https://doc.pfsense.org/index.php/Upgrade_Guide

          jc2it

          I think I found what I want in the documentation about how to set up IPsec IKEv2, but any info on the other questions would be helpful.

          https://doc.pfsense.org/index.php/IKEv2_with_EAP-TLS

            jc2it

            This is a good reference for learning the basics of IPsec IKEv2 and strongSwan. strongSwan is the IPsec daemon in pfSense.

            https://wiki.strongswan.org/projects/strongswan/wiki/IntroductionTostrongSwan

              jc2it

              I can't believe all of the options available. It is ridiculous. Guidance seems minimal as well. If we need all of the options then great! Create recipes of known good configurations. Otherwise the learning curve is like pole-vaulting a football field.

              This resource has pictures!
              Steve Friedl's Unixwiz.net Tech Tips
              An Illustrated Guide to IPsec
              http://www.unixwiz.net/techtips/iguide-ipsec.html

              Hmmm, for the German (Deutsch) speakers out there. I think I lost something in Google Translate.
              http://www.heise.de/security/artikel/Einfacher-VPN-Tunnelbau-dank-IKEv2-270056.html
