Hi everyone,
I'm trying to accomplish the following:
- Set up IPSec VPN with EAP-MSCHAPv2 via IKEv2 (Windows machines RoadWarriors)
- Set up IPSec VPN with Mutual PSK + Xauth via IKEv1 (Android RoadWarriors)
I configured each one of the above alone and they work properly, but I cannot get both scenarios set up.
In theory it should be possible by adding a new Phase 1 tunnel, but as soon as I configure one of the above, the second phase one only shows me these as possible choices for Authentication Method:
- Mutual RSA
- Mutual Public Key
- Mutual PSK
What am I missing? Is this not possible?
Thank you for your help.
Ok, so no replies here :(
I searched a bit more, even on pfsense side, and it seems this is a limitation of the GUI for configuring such scenarios.
It's too bad, my old VPN (debian + strongswan) was configured this way and it was pretty straightforward.
I guess maybe the solution is to try to configure ipsec.conf manually? The issue is that eventually it will get replaced by the OPNsense GUI / services.
Just use the /usr/local/etc/ipsec.opnsense.d directory for your manual configuration files. They get included and are not affected by GUI changes.
Different lease pools for groups, dual-stack pools, eap-radius, etc. There you can use a whole bunch of strongswan features that are not accessible through the GUI.
There also exist strongswan.opnsense.d and ipsec.secrets.opnsense.d
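
An added example, not part of the original posts: a sketch of how the two road-warrior setups from the question could sit side by side as manual strongSwan connections in the include directory mentioned above. The file names, connection names, server identity, certificate name, address pools and the assumption that the directories are included by a `*.conf` / `*.secrets` pattern are all hypothetical, and every secret is a placeholder.

```conf
# --- file (hypothetical): /usr/local/etc/ipsec.opnsense.d/roadwarriors.conf ---

# Windows clients: IKEv2, server proves itself with a certificate,
# client authenticates with EAP-MSCHAPv2.
conn rw-windows-ikev2-eap
    keyexchange=ikev2
    left=%any
    leftid=vpn.example.test          # placeholder; must match the server certificate
    leftauth=pubkey
    leftcert=vpn-server-cert.pem     # placeholder certificate file name
    leftsendcert=always
    leftsubnet=0.0.0.0/0
    right=%any
    rightauth=eap-mschapv2
    eap_identity=%any                # ask the client for its EAP identity
    rightsourceip=10.10.10.0/24      # constructed lease pool for this group
    auto=add

# Android clients: IKEv1, mutual PSK in the first round, XAuth in the second.
conn rw-android-ikev1-xauth-psk
    keyexchange=ikev1
    left=%any
    leftauth=psk
    leftsubnet=0.0.0.0/0
    right=%any
    rightauth=psk
    rightauth2=xauth
    rightsourceip=10.10.20.0/24      # separate constructed pool, so firewall
                                     # rules can tell the two groups apart
    auto=add

# --- file (hypothetical): /usr/local/etc/ipsec.secrets.opnsense.d/roadwarriors.secrets ---

# Group PSK for the IKEv1 connection (no selector: matches any peer).
: PSK "REPLACE_WITH_LONG_RANDOM_PSK"

# Per-user credentials; EAP entries serve the IKEv2 conn, XAUTH the IKEv1 conn.
alice : EAP "REPLACE_WITH_ALICE_PASSWORD"
bob : XAUTH "REPLACE_WITH_BOB_PASSWORD"
```

A group PSK is known to every Android client, so the per-user XAuth password is the only per-user factor on that connection; keeping the two groups in separate pools lets the IKEv1 group be given narrower firewall rules. The secrets file holds cleartext credentials and should be readable by root only.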