Navigation

    Netgate Discussion Forum
    • Register
    • Login
    • Search
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search

    Questions migrating Linux Strongswan IKEv2 setup

    IPsec
    2
    2
    504
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • S
      Strykar last edited by

      I have Strongswan IKEv2 VPN setup for mobile clients running on a Slackware linux machine.
      The clients are running Android and the latest strongswan ipsec client on their phones.
      We are looking at moving the VPN server to pfsense.

      Here's my current /etc/ipsec.conf:

      # ipsec.conf - strongSwan IPsec configuration file

config setup
	charondebug="cfg 2, lib 1, dmn 1, ike 3, net 1, knl 1"

conn %default
	keyexchange=ikev2
	dpdaction=clear
	ike=aes128gcm16-aesxcbc-modp2048
	esp=aes128gcm16
	dpddelay=300s
	rekey=no
	leftsubnet=0.0.0.0/0,2000::/3
 	leftcert=vpnHostCert.pem
	leftid="C=CH, O=strongSwan, CN=slack14.wrtpoona.in"
	right=%any
	rightsourceip=%dhcp,2604:8800:100:8277:ffff:ffff:ffff:fffc/126 #4 IPv6 hosts

	leftfirewall=yes
	forceencaps=yes
	compress=yes
	auto=start

conn IPSec-IKEv2
	keyexchange=ikev2
	auto=add

      I don't see an option for IKEv2 using certs in the Phase 1 proposal (Authentication method options).
      What type should I select in the drop down menu?

      How can I migrate this setup to pfsense?

      1 Reply Last reply Reply Quote 0
      • jimp
        jimp Rebel Alliance Developer Netgate last edited by

        EAP-TLS is IKEv2 with per-user certificates.

        Remember: Upvote with the 👍 button for any user/post you find to be helpful, informative, or deserving of recognition!

        Need help fast? Netgate Global Support!

        Do not Chat/PM for help!

        1 Reply Last reply Reply Quote 0
        • First post
          Last post