Hi all,
I'm trying to set up IPsec IKEv2 mutual PSK on my OPNsense fw.
I've looked on Google and can only find how to set up MSCHAPv2.
Anyone know of any good how-tos to do this?
Thanks,
Rob
Hi Rob,
Perhaps Google didn't find https://docs.opnsense.org/manual/vpnet.html#ipsec
Ulf
I don't see IPsec IKEv2 mutual PSK in the list.
You can find it in the single how-tos as Phase 1 auth method,
e.g. https://docs.opnsense.org/manual/how-tos/ipsec-s2s-route.html I can.
I'm not after site-to-site; I'm after site to remote clients.
As it looks, Mutual PSK is apparently only supported for IKEv1
https://docs.opnsense.org/manual/how-tos/ipsec-rw.html
Thanks.
Looks like MS Windows 10 only supports IKEv2 MSCHAPv2, bit of a bummer as the user needs to install a cert on their machine.
Do I need to import the CA or server cert to the remote user who wants to connect to my IPsec server?
Finally got it working by following the link you sent.
One thing I didn't do was to untick block private networks, as I thought that was a bad idea.
Also I had to import my CA to my remote user, otherwise I got a user error when trying to connect to the VPN.
Quote: Finally got it working by following the link you sent
Great to hear.
Quote: One thing I didn't do was to untick block private networks as I thought that was a bad idea
Correct. This is only for an internal lab without public IP addresses.
Quote: Also I had to import my CA to my remote user otherwise I got a user error when trying to connect to vpn
Yes. The computer of the remote user wants to identify the VPN certificate, and for this you have to trust your VPN CA manually by importing the CA certificate.
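
The CA import discussed above, as an added example that is not part of the original thread: a PowerShell sketch for the Windows 10 client that checks the CA file before trusting it and then creates the IKEv2 connection. The file path, thumbprint, connection name and server name are placeholders, and the script assumes an elevated prompt.

```powershell
#Requires -RunAsAdministrator
# Added example. Every value below is a placeholder, not taken from the thread.
$CaFile       = 'C:\Temp\vpn-ca.crt'        # CA certificate exported from the firewall
$ExpectedSha1 = '<THUMBPRINT-FROM-ADMIN>'   # obtained over a separate channel
$VpnName      = 'Office IKEv2'
$VpnServer    = 'vpn.example.com'           # must match a name in the server certificate

$cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 $CaFile

# 1. Refuse any file that is not the one the administrator handed out.
$expected = ($ExpectedSha1 -replace '[\s:]', '').ToUpper()
if ($cert.Thumbprint -ne $expected) {
    throw "Thumbprint mismatch: file has $($cert.Thumbprint)"
}

# 2. Only a CA certificate belongs in the root store. The server certificate
#    itself is not imported; the client validates it against this CA.
$bc = $cert.Extensions | Where-Object {
    $_ -is [System.Security.Cryptography.X509Certificates.X509BasicConstraintsExtension]
}
if (-not $bc -or -not $bc.CertificateAuthority) {
    throw "Not a CA certificate (basic constraints missing or CA=false): $($cert.Subject)"
}

# 3. Reject a CA that is expired or not yet valid.
$now = Get-Date
if ($now -lt $cert.NotBefore -or $now -gt $cert.NotAfter) {
    throw "CA certificate outside its validity period: $($cert.NotBefore) to $($cert.NotAfter)"
}

# 4. Trust the CA machine-wide, then create the IKEv2 connection with EAP
#    user authentication.
Import-Certificate -FilePath $CaFile -CertStoreLocation Cert:\LocalMachine\Root | Out-Null

Add-VpnConnection -Name $VpnName `
                  -ServerAddress $VpnServer `
                  -TunnelType Ikev2 `
                  -AuthenticationMethod Eap `
                  -EncryptionLevel Required

# Show what was added so it can be audited or removed later.
Get-ChildItem Cert:\LocalMachine\Root | Where-Object Thumbprint -eq $cert.Thumbprint |
    Format-List Subject, Thumbprint, NotAfter
```

A root-store entry is trusted for more than the VPN, so a CA created only for this purpose keeps that trust narrow.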