Messages

1

Virtual private networks / Re: IPSEC IKEV2 + LDAP authentication for mobile / roadwarrior clients

« on: December 29, 2023, 05:19:01 pm »

Thank you for your time.

I wish I could avoid using a radius server, as I can't make sure to have one.

Thanks for the heads up for the embedded clients in the OSes, my idea of having a VPN server for our org that encompasses Windows, Linux and MacOS seems to be difficult with OpnSense if the native clients are unstable.

To be fair, the whole point of this would be to have a simple and fast (to setup and connect to) VPN from scratch in case of DR, so maybe I should switch from having OpnSense do everything to having a dedicated VPN server behind the firewall to take care of that part ... Softether / something else ?

2

Virtual private networks / IPSEC IKEV2 + LDAP authentication for mobile / roadwarrior clients

« on: December 28, 2023, 04:57:35 pm »

Hello,

I wanted to create an IPSEC VPN server that would be accessible without installing agents on the clients, and ideally would be compatible android and Windows.

For that, I thought I could use EAP-MSCHAPv2, but the tutorial in the docs is indicating only PSK authentication :
https://docs.opnsense.org/manual/how-tos/ipsec-rw-srv-mschapv2.html

So, is there a way to create an IPSEC connection for mobile client that could be authenticated by their LDAP login and passwords ?
Can I use let's encrypt certificates to avoid using a private CA ?

P.S. the new VPN:IPSEC:Connections interface is so confusing compared to what is now being called "Tunnel Settings"legacy""