IPSec - Multiple phase 1 configuration issue

Started by dsimoes, March 26, 2020, 03:10:14 PM

Hi everyone,

I'm trying to accomplish the following:

- Set up an IPSec VPN with EAP-MSCHAPv2 via IKEv2 (Windows RoadWarriors)
- Set up an IPSec VPN with Mutual PSK + Xauth via IKEv1 (Android RoadWarriors)

I configured each one of the above alone and they work properly, but I cannot get both scenarios setup.

In theory it should be possible by adding a new Phase 1 tunnel, but as soon as I configure one of the above, the second phase 1 only shows me these as possible choices for Authentication Method:

- Mutual RSA
- Mutual Public Key
- Mutual PSK

What am I missing? Is this not possible?

Thank you for your help.

Ok, so no replies here :(

I searched a bit more, even on the pfSense side, and it seems this is a limitation of the GUI for configuring such scenarios.

It's too bad, my old VPN (Debian + strongSwan) was configured this way and it was pretty straightforward.

I guess maybe the solution is to try to configure ipsec.conf manually? The issue is that eventually it will get replaced by the OPNsense GUI / services.

April 02, 2020, 10:11:53 PM #2 Last Edit: April 02, 2020, 10:13:32 PM by hbc
Just use the /usr/local/etc/ipsec.opnsense.d directory for your manual configuration files. They get included and are not affected by GUI changes.
Different lease pools for groups, dual-stack pools, eap-radius, etc. There you can use a whole bunch of strongSwan features that are not accessible via the GUI.

There also exist strongswan.opnsense.d and ipsec.secrets.opnsense.d.
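As an added illustration of the drop-in approach hbc describes (example config written for this thread, not taken from the OPNsense project or from any poster), the two phase-1 definitions the GUI refuses to offer together, expressed as one strongSwan ipsec.conf fragment. The hostname, identities, pools, DNS server and certificate file name are constructed placeholders.

```conf
# Added example: drop-in file such as
# /usr/local/etc/ipsec.opnsense.d/roadwarrior.conf
# All names, subnets and pools below are placeholders, not real values.

# Windows road warriors: IKEv2, server proves itself with a certificate,
# clients authenticate with username/password via EAP-MSCHAPv2.
conn rw-ikev2-eap
    keyexchange=ikev2
    left=%any
    leftid=vpn.example.com          # must match a SAN in the server certificate
    leftcert=vpn.example.com.crt    # assumed to be installed under ipsec.d/certs
    leftauth=pubkey
    leftsubnet=0.0.0.0/0            # full tunnel; narrow to the LAN if preferred
    right=%any
    rightauth=eap-mschapv2
    eap_identity=%identity          # look up the EAP secret by the EAP identity
    rightsourceip=10.10.1.0/24      # virtual IP pool for the Windows clients
    rightdns=192.0.2.53
    auto=add

# Android road warriors: IKEv1, group PSK plus XAuth username/password.
conn rw-ikev1-xauth
    keyexchange=ikev1
    aggressive=yes                  # Android's stock client uses aggressive mode
    left=%any
    leftid=vpn.example.com
    leftsubnet=0.0.0.0/0
    right=%any
    rightid=@vpngroup               # the "IPSec identifier" the clients configure
    authby=xauthpsk
    xauth=server
    rightsourceip=10.10.2.0/24      # separate pool so the two groups stay distinct
    rightdns=192.0.2.53
    auto=add
```

The matching secrets (`alice : EAP "password"` for the EAP users and `vpn.example.com @vpngroup : PSK "groupsecret"` for the Android group) belong in a file under /usr/local/etc/ipsec.secrets.opnsense.d, which hbc mentions above, so that GUI regeneration does not overwrite them.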