Questions migrating Linux Strongswan IKEv2 setup
-
I have a Strongswan IKEv2 VPN setup for mobile clients running on a Slackware Linux machine.
The clients are running Android and the latest strongswan ipsec client on their phones.
We are looking at moving the VPN server to pfsense.
Here's my current /etc/ipsec.conf:
# ipsec.conf - strongSwan IPsec configuration file

config setup
    charondebug="cfg 2, lib 1, dmn 1, ike 3, net 1, knl 1"

conn %default
    keyexchange=ikev2
    dpdaction=clear
    ike=aes128gcm16-aesxcbc-modp2048
    esp=aes128gcm16
    dpddelay=300s
    rekey=no
    leftsubnet=0.0.0.0/0,2000::/3
    leftcert=vpnHostCert.pem
    leftid="C=CH, O=strongSwan, CN=slack14.wrtpoona.in"
    right=%any
    rightsourceip=%dhcp,2604:8800:100:8277:ffff:ffff:ffff:fffc/126 #4 IPv6 hosts
    leftfirewall=yes
    forceencaps=yes
    compress=yes
    auto=start

conn IPSec-IKEv2
    keyexchange=ikev2
    auto=add
I don't see an option for IKEv2 using certs in the Phase 1 proposal (Authentication method options).
What type should I select in the drop down menu?
How can I migrate this setup to pfsense?
-
EAP-TLS is IKEv2 with per-user certificates.
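
For the migration asked about in this thread, an added example (not part of the original posts and not strongSwan or pfSense code) that reads the `ike=` and `esp=` proposal strings from the posted ipsec.conf and splits them into the separate cipher, PRF and DH group choices that a GUI-based Phase 1/Phase 2 form asks for. The function names and the small token tables are assumptions of this example and cover only a few strongSwan keywords, including the ones in that config; anything else is reported as unknown rather than guessed.

```python
import re

# Constructed sample: the proposal lines from the ipsec.conf posted above.
SAMPLE_CONF = """\
conn %default
    keyexchange=ikev2
    ike=aes128gcm16-aesxcbc-modp2048   # IKE SA (Phase 1)
    esp=aes128gcm16
"""

# strongSwan MODP keywords -> IANA IKEv2 Diffie-Hellman group numbers (RFC 3526).
DH_GROUPS = {"modp1536": 5, "modp2048": 14, "modp3072": 15, "modp4096": 16}
# Next to an AEAD cipher there is no separate integrity algorithm; these name the PRF.
PRFS = {"aesxcbc": "AES-XCBC", "sha1": "HMAC-SHA1", "sha256": "HMAC-SHA2-256"}
AEAD_RE = re.compile(r"aes(128|192|256)gcm(8|12|16)$")  # key bits, ICV bytes

def read_conn(text, name):
    """Return the key=value options of one 'conn' section as a dict."""
    opts, current = {}, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()      # drop comments
        if not line.strip():
            continue
        if not line[0].isspace():                 # section header at column 0
            current = line.split()
            continue
        if current == ["conn", name] and "=" in line:
            key, value = line.strip().split("=", 1)
            opts[key] = value
    return opts

def decode_proposal(proposal):
    """Split one proposal string into the choices a GUI form asks for."""
    out = {"unknown": []}
    for token in proposal.split("-"):
        m = AEAD_RE.match(token)
        if m:
            out.update(encryption="AES-GCM", key_bits=int(m.group(1)), icv_bytes=int(m.group(2)))
        elif token in PRFS:
            out["prf"] = PRFS[token]
        elif token in DH_GROUPS:
            out["dh_group"] = DH_GROUPS[token]
        else:
            out["unknown"].append(token)          # surface it, never guess
    return out

def migration_checklist(text, conn="%default"):
    opts = read_conn(text, conn)
    return {k: decode_proposal(opts[k]) for k in ("ike", "esp") if k in opts}
```

Every value returned for `ike` has to be offered by the new server's Phase 1 form and every value for `esp` by its Phase 2 form, otherwise the existing Android clients will fail proposal negotiation after the move.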