Topic: Ikev2 split tunneling for Roadies - Best practice (Mac & Windows) (Read 2683 times)
mfpck
Jr. Member
Posts: 50
Karma: 5
Ikev2 split tunneling for Roadies - Best practice (Mac & Windows)
on: October 16, 2021, 01:09:03 pm
Hello,
Just trying to understand one aspect: if I choose IKEv2 with EAP-MSCHAPv2 for my Mac & Windows Roadie clients, I only need to install the certificates on the clients if I use self-signed certs, right?
If I do it with e.g. ACME (Let's Encrypt), I don't need to install the certs on the clients, is that correct?
Thanks!
Last Edit: October 24, 2021, 08:17:39 pm by mfpck
mfpck
Re: Ikev2 for Roadies - Certificates ?
Reply #1 on: October 18, 2021, 05:06:01 pm
Bump
mfpck
Re: Ikev2 for Roadies - Best practice
Reply #2 on: October 24, 2021, 11:26:46 am
OK. I tested it with ACME and it works!
mfpck
Re: Ikev2 for Roadies - Best practice
Reply #3 on: October 24, 2021, 08:16:45 pm
As already mentioned, I focused my tests regarding Mac and Windows 10 clients on a proper split tunneling setup (...)
I realized that the split tunnel works out of the box for Mac but not at all for Windows 10; even disabling the 'use default gw. on remote network' option via click did not do the trick. Further, for Mac and Windows alike, the split DNS and/or DNS server variables do not seem to get pushed to the RoadWarriors. All this reminds me of the good old times of L2TP over IPsec, where it was impossible to get a split tunnel setup up and running easily, especially with Windows clients, except by using some PowerShell scripts to deploy the VPNs with routes. Or do I miss something here?
mfpck
Re: Ikev2 split tunneling for Roadies - Best practice (Mac & Windows)
Reply #4 on: October 27, 2021, 08:53:00 pm
I am surprised that nobody really seems to care about this topic, but I want to know, and I do test and research the details regarding IKEv2 split DNS, split tunnelling/routing and encryption capabilities for Windows 10+ and macOS in terms of setup/maintenance overhead, performance and, indeed, security!
I guess that a lot of people who want to get the benefits of IKEv2 end up routing all of the traffic over the VPN for pragmatic reasons, generating a general traffic issue and ending up dealing with bandwidth-limiting fun, or using OpenVPN, which can be split (whoop), but you need to touch and maintain the clients, and it is slow!
Personally I will continue with IKEv2 for site-to-site only, which is great (GCM & co), but due to the lack of documentation (pfSense & OPNsense) regarding details for clients (split, encryption capabilities) it seems to be more of an academic task. So for my Roadies I will choose WireGuard; yes, I need to touch and maintain the clients as well, but it is reasonable for what I get!
I hope that someone can benefit from my post, and if anybody would like to deploy split VPNs with appropriate encryption settings via Windows cmd style, here is a way which works, but I am not taking this into production ;-)
https://forum.netgate.com/topic/150670/safe-ikev2-configuration-for-pfsense-and-windows-10-and-macos
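
The Windows-side deployment discussed in replies #3 and #4, as an added example that is not part of the thread or of the linked Netgate post: a PowerShell script using the built-in VpnClient and DnsClient cmdlets to create an IKEv2 profile with split tunneling, explicit routes, pinned IPsec proposals and a split-DNS rule. The connection name, server name, prefixes, DNS suffix and resolver are constructed placeholders, and the cipher suite is an assumption that has to match the proposals configured on the gateway.

```powershell
# Added example; every value in this first section is a constructed placeholder.
$Name       = 'Roadie-IKEv2'                         # hypothetical profile name
$Server     = 'vpn.example.com'                      # must match the name in the gateway certificate
$Prefixes   = @('10.10.0.0/16', '192.168.50.0/24')   # internal networks to reach via the tunnel
$DnsSuffix  = '.corp.example'                        # internal DNS zone
$DnsServers = @('10.10.0.53')                        # internal resolver behind the tunnel

$ErrorActionPreference = 'Stop'

# Remove an existing profile of the same name so the script can be re-run.
if (Get-VpnConnection -Name $Name -ErrorAction SilentlyContinue) {
    Remove-VpnConnection -Name $Name -Force
}

# -SplitTunneling leaves the default route on the local interface, so only
# the prefixes added further down are sent through the tunnel.
# 'Eap' uses Windows' default EAP configuration; pass -EapConfigXmlStream
# if the gateway needs a specific EAP profile.
Add-VpnConnection -Name $Name -ServerAddress $Server -TunnelType Ikev2 `
    -AuthenticationMethod Eap -EncryptionLevel Required -SplitTunneling

# Pin the IKE and ESP proposals instead of relying on the Windows defaults.
# Assumption: the gateway offers AES-256/SHA-256/ECP384 (phase 1) and
# AES-256-GCM with ECP384 PFS (phase 2); a mismatch makes negotiation fail.
Set-VpnConnectionIPsecConfiguration -ConnectionName $Name `
    -EncryptionMethod AES256 -IntegrityCheckMethod SHA256 -DHGroup ECP384 `
    -CipherTransformConstants GCMAES256 `
    -AuthenticationTransformConstants GCMAES256 -PfsGroup ECP384 -Force

# One route per internal prefix; Windows installs them when the tunnel comes up.
foreach ($Prefix in $Prefixes) {
    Add-VpnConnectionRoute -ConnectionName $Name -DestinationPrefix $Prefix
}

# Split DNS through an NRPT rule (requires an elevated prompt). The rule is
# system-wide and stays in place while the tunnel is down, so names under
# $DnsSuffix only resolve while connected. Old copies are removed first.
Get-DnsClientNrptRule | Where-Object { $_.Namespace -contains $DnsSuffix } |
    Remove-DnsClientNrptRule -Force
Add-DnsClientNrptRule -Namespace $DnsSuffix -NameServers $DnsServers

# Check the result: SplitTunneling must read True.
Get-VpnConnection -Name $Name |
    Format-List Name, ServerAddress, TunnelType, AuthenticationMethod, SplitTunneling
```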