Hello, my issue on https://github.com/opnsense/core/issues/4438 was marked as support, so I am trying here now:
I have followed the how-tos at https://docs.opnsense.org/manual/how-tos/ipsec-road.html and https://docs.opnsense.org/manual/how-tos/ipsec-rw-srv-ikev1xauth.html; as a result I have working IPsec IKEv1 hybrid-RSA XAuth, but without working XAuth authentication.
Here are some logs with ${USER} and ${FQDN} replaced:
2020-11-02T00:25:07 | charon[38591] | 15[IKE] <con1|3> XAuth authentication of '${USER}' failed
2020-11-02T00:25:07 | charon[38591] | 15[IKE] <con1|3> no XAuth secret found for '${FQDN}' - '${USER}'
After adding lines like the following to /usr/local/etc/ipsec.secrets.opnsense.d/user.secrets:
[ <servername> ] <username> : XAUTH "<password>"
it works correctly.
Any ideas where it's going wrong?
The compatibility matrix doesn't list any supported client, so it's not verified to work. Why do you not choose anything more compatible?
I chose this setup because every Android phone supports this without extra software, no rollout of certificates is needed, and you can just use a Let's Encrypt certificate. These 3 arguments are very important for me. And yes, I know that it's not very secure, but it's just handy.