OPNsense
  • Home
  • Help
  • Search
  • Login
  • Register

  • OPNsense Forum »
  • Archive »
  • 16.7 Legacy Series »
  • Ipsec
« previous next »
  • Print
Pages: [1] 2

Author Topic: Ipsec  (Read 7833 times)

vadimkara

  • Newbie
  • *
  • Posts: 6
  • Karma: 0
    • View Profile
Ipsec
« on: July 12, 2016, 03:06:01 pm »
Why there is no EAP-MSACHAPv2, authentication method? It's very usefull to connect remote desktop stations.
Logged

fabian

  • Hero Member
  • *****
  • Posts: 2437
  • Karma: 171
  • OPNsense Contributor (Language, VPN, Proxy, etc.)
    • View Profile
    • Personal Homepage
Re: Ipsec
« Reply #1 on: July 12, 2016, 03:27:02 pm »
at least it looks possible: https://wiki.strongswan.org/projects/strongswan/wiki/Win7EapMultipleConfig
Logged

vadimkara

  • Newbie
  • *
  • Posts: 6
  • Karma: 0
    • View Profile
Re: Ipsec
« Reply #2 on: July 12, 2016, 04:55:55 pm »
its 100% possible in strongswan, but no frontend for this feature
Logged

AdSchellevis

  • Administrator
  • Hero Member
  • *****
  • Posts: 751
  • Karma: 141
    • View Profile
Re: Ipsec
« Reply #3 on: July 12, 2016, 09:37:10 pm »
Hi vadimkara,

eap-mschapv2 should be quite easy to add, I don't have time to test, but if you want to give it a try, this commit may work:

https://github.com/opnsense/core/commit/4638d99c0a51a3286f324f0036310e95ce81fef2

Code: [Select]
opnsense-patch 4638d99c
The config is generated to /usr/local/etc/ipsec.conf.

Regards,
Ad
Logged

vadimkara

  • Newbie
  • *
  • Posts: 6
  • Karma: 0
    • View Profile
Re: Ipsec
« Reply #4 on: July 13, 2016, 08:55:24 am »
Plaease add "Peer identifier" any, and fix ui bug
Logged

AdSchellevis

  • Administrator
  • Hero Member
  • *****
  • Posts: 751
  • Karma: 141
    • View Profile
Re: Ipsec
« Reply #5 on: July 13, 2016, 08:49:10 pm »
Did you try the current setup and inspect the config?
I don't think peer identifier is used for other then psk options..... (see function ipsec_find_id() and use of it in ipsec.inc)

In case you don't have time to test, please let me know, I can easily revert/undo the changes.... like I said, I don't have enough time at the moment to test this myself.
Logged

vadimkara

  • Newbie
  • *
  • Posts: 6
  • Karma: 0
    • View Profile
Re: Ipsec
« Reply #6 on: July 18, 2016, 07:01:01 am »
dont working at all error 809
Logged

AdSchellevis

  • Administrator
  • Hero Member
  • *****
  • Posts: 751
  • Karma: 141
    • View Profile
Re: Ipsec
« Reply #7 on: July 18, 2016, 11:40:41 am »
ok, I've reverted the changes.
In case you want to investigate further and pinpoint the needed changes in ipsec.conf for your configuration, just let me know. It's probably very easy to add, as long as you have a setup to test and time to spare.
Logged

voltara2000

  • Newbie
  • *
  • Posts: 6
  • Karma: 0
    • View Profile
Re: Ipsec
« Reply #8 on: October 01, 2016, 04:32:25 am »
Could you please add option to select preshared key as EAP or PSK.
If I manually go to var/local/etc/ipsec.secrets and change default PSK to EAP after restart ipsec service via gui I end up with key type set as PSK again. When I do connect from windows 7 using EAP-MSCHAPv2 the log on opnsense shows that it is missing EAP key to authenticate.

Thank you.
Logged

AdSchellevis

  • Administrator
  • Hero Member
  • *****
  • Posts: 751
  • Karma: 141
    • View Profile
Re: Ipsec
« Reply #9 on: October 01, 2016, 08:44:24 am »
Hi Voltara2000,

Can you create an issue on github (https://github.com/opnsense/core/issues) for your feature request?
This helps us keeping track of our open requests.

Best regards,

Ad
Logged

voltara2000

  • Newbie
  • *
  • Posts: 6
  • Karma: 0
    • View Profile
Re: Ipsec
« Reply #10 on: October 11, 2016, 04:39:14 pm »
Hi,

Unfortunately, I don't have an account for github. Don't want to open one just for this. Could you or someone else make a future request on github? This should allow using windows 7, 8 or 10 build in vpn to be able to make roadwarrior to office network.

Thank you,
Andrei
Logged

fabian

  • Hero Member
  • *****
  • Posts: 2437
  • Karma: 171
  • OPNsense Contributor (Language, VPN, Proxy, etc.)
    • View Profile
    • Personal Homepage
Re: Ipsec
« Reply #11 on: October 11, 2016, 10:17:51 pm »
Created: https://github.com/opnsense/core/issues/1214
Logged

franco

  • Administrator
  • Hero Member
  • *****
  • Posts: 10312
  • Karma: 803
    • View Profile
Re: Ipsec
« Reply #12 on: October 12, 2016, 07:07:11 pm »
And fixed. ;)
Logged

voltara2000

  • Newbie
  • *
  • Posts: 6
  • Karma: 0
    • View Profile
Re: Ipsec
« Reply #13 on: October 13, 2016, 03:26:59 pm »
Thank you very much!

Cannot wait to give this a test. Would this fix be included in 16.7.7 update?

Logged

fabian

  • Hero Member
  • *****
  • Posts: 2437
  • Karma: 171
  • OPNsense Contributor (Language, VPN, Proxy, etc.)
    • View Profile
    • Personal Homepage
Re: Ipsec
« Reply #14 on: October 13, 2016, 03:30:37 pm »
If you cannot wait you can use the opnsense-patch utility on the command line to fetch the commit ;)
Logged

  • Print
Pages: [1] 2
« previous next »
  • OPNsense Forum »
  • Archive »
  • 16.7 Legacy Series »
  • Ipsec
 

OPNsense is an OSS project © Deciso B.V. 2015 - 2021 All rights reserved
  • SMF 2.0.17 | SMF © 2019, Simple Machines
    Privacy Policy
    | XHTML | RSS | WAP2