Author Topic: Ipsec (Read 7205 times)

vadimkara · « **on:** July 12, 2016, 03:06:01 pm »

Why there is no EAP-MSACHAPv2, authentication method? It's very usefull to connect remote desktop stations.

fabian · « **Reply #1 on:** July 12, 2016, 03:27:02 pm »

at least it looks possible: https://wiki.strongswan.org/projects/strongswan/wiki/Win7EapMultipleConfig

vadimkara · « **Reply #2 on:** July 12, 2016, 04:55:55 pm »

its 100% possible in strongswan, but no frontend for this feature

AdSchellevis · « **Reply #3 on:** July 12, 2016, 09:37:10 pm »

Hi vadimkara,

eap-mschapv2 should be quite easy to add, I don't have time to test, but if you want to give it a try, this commit may work:

https://github.com/opnsense/core/commit/4638d99c0a51a3286f324f0036310e95ce81fef2

Code: [Select]

opnsense-patch 4638d99c
The config is generated to /usr/local/etc/ipsec.conf.

Regards,
Ad

vadimkara · « **Reply #4 on:** July 13, 2016, 08:55:24 am »

Plaease add "Peer identifier" any, and fix ui bug

AdSchellevis · « **Reply #5 on:** July 13, 2016, 08:49:10 pm »

Did you try the current setup and inspect the config?
I don't think peer identifier is used for other then psk options..... (see function ipsec_find_id() and use of it in ipsec.inc)

In case you don't have time to test, please let me know, I can easily revert/undo the changes.... like I said, I don't have enough time at the moment to test this myself.

vadimkara · « **Reply #6 on:** July 18, 2016, 07:01:01 am »

dont working at all error 809

AdSchellevis · « **Reply #7 on:** July 18, 2016, 11:40:41 am »

ok, I've reverted the changes.
In case you want to investigate further and pinpoint the needed changes in ipsec.conf for your configuration, just let me know. It's probably very easy to add, as long as you have a setup to test and time to spare.

voltara2000 · « **Reply #8 on:** October 01, 2016, 04:32:25 am »

Could you please add option to select preshared key as EAP or PSK.
If I manually go to var/local/etc/ipsec.secrets and change default PSK to EAP after restart ipsec service via gui I end up with key type set as PSK again. When I do connect from windows 7 using EAP-MSCHAPv2 the log on opnsense shows that it is missing EAP key to authenticate.

Thank you.

AdSchellevis · « **Reply #9 on:** October 01, 2016, 08:44:24 am »

Hi Voltara2000,

Can you create an issue on github (https://github.com/opnsense/core/issues) for your feature request?
This helps us keeping track of our open requests.

Best regards,

Ad

voltara2000 · « **Reply #10 on:** October 11, 2016, 04:39:14 pm »

Hi,

Unfortunately, I don't have an account for github. Don't want to open one just for this. Could you or someone else make a future request on github? This should allow using windows 7, 8 or 10 build in vpn to be able to make roadwarrior to office network.

Thank you,
Andrei

fabian · « **Reply #11 on:** October 11, 2016, 10:17:51 pm »

Created: https://github.com/opnsense/core/issues/1214

franco · « **Reply #12 on:** October 12, 2016, 07:07:11 pm »

And fixed.

voltara2000 · « **Reply #13 on:** October 13, 2016, 03:26:59 pm »

Thank you very much!

Cannot wait to give this a test. Would this fix be included in 16.7.7 update?

fabian · « **Reply #14 on:** October 13, 2016, 03:30:37 pm »

If you cannot wait you can use the opnsense-patch utility on the command line to fetch the commit

Author Topic: Ipsec (Read 7205 times)

vadimkara

Ipsec

fabian

Re: Ipsec

vadimkara

Re: Ipsec

AdSchellevis

Re: Ipsec

vadimkara

Re: Ipsec

AdSchellevis

Re: Ipsec

vadimkara

Re: Ipsec

AdSchellevis

Re: Ipsec

voltara2000

Re: Ipsec

AdSchellevis

Re: Ipsec

voltara2000

Re: Ipsec

fabian

Re: Ipsec

franco

Re: Ipsec

voltara2000

Re: Ipsec

fabian

Re: Ipsec