Home
Help
Search
Login
Register
OPNsense Forum
»
Archive
»
22.7 Legacy Series
»
Mobile Client - Best Solution?
« previous
next »
Print
Pages: [
1
]
Author
Topic: Mobile Client - Best Solution? (Read 3057 times)
NDregger
Jr. Member
Posts: 54
Karma: 0
Mobile Client - Best Solution?
«
on:
October 17, 2022, 07:56:47 pm »
Hello Forum,
i hope my english is good enough to explain my wishes for my OPNsense.
I startet with VPN for nearly twenty years using AVM (a german manufacturer), than switched to Bintec (also german) but both are no longer powerfull enough for my wishes an needs.
I´m very happy with firewall, multi WAN and so on, but currently i´m unable to use my most needed feature: Mobile Client connectivity.
With my old bintec it was easy: On Windows i used the Shrew Soft VPN Client for IKEv1 Connectivity, Android and iPhone connectet with their native clients.
Now, after switch to OPNsense, i have to find a working solution, if possible without client software. Is this a possible problem?
I thought it would be possible to realize it using IKEv2 with mobile client support, but right now i´m even to stupid to configure it running with all i need: I get a connection and IP packets are routed, but i have no name resolution. Windows 10 / 11 are connecting, but if i run ipconfig /all after establishing the connection there is no configured DNS Server or suffix on my client - and that even while i´ve configured both on my OPNsense.
My questions:
- is IKEv2 the correct solution for my needs?
- if IKEv2 is the correct soultion - how can i realize it that Windows is recognizing DNS Server and Suffix?
- if IKEv2 isn´t the correct solution - what´s the correct way for my needs?
Norbert
Logged
Greelan
Hero Member
Posts: 1028
Karma: 72
Re: Mobile Client - Best Solution?
«
Reply #1 on:
October 18, 2022, 11:48:09 am »
I use WireGuard personally.
Logged
Patrick M. Hausen
Hero Member
Posts: 6795
Karma: 571
Re: Mobile Client - Best Solution?
«
Reply #2 on:
October 18, 2022, 12:44:36 pm »
WireGuard does not scale very well, because there is no mechanism comparable to XAUTH. IPsec and OpenVPN can both use Active Directory based AAA, for example.
Logged
Deciso DEC750
People who think they know everything are a great annoyance to those of us who do.
(Isaac Asimov)
tiermutter
Hero Member
Posts: 1095
Karma: 61
Re: Mobile Client - Best Solution?
«
Reply #3 on:
October 18, 2022, 01:26:34 pm »
To avoid the need of special client software, IPsec is the way to go, as WG and OVPN are not implemented in Windows.
I`m using WG because it offers great speed, but OVPN is always configured as fallback when WG will not work from time to time for unknown reasons.
I never used IPsec, so I can`t troubleshoot your DNS problems, with both WG and OVPN I have no issues using the Sense (AGH) as DNS server.
Logged
i am not an expert... just trying to help...
NDregger
Jr. Member
Posts: 54
Karma: 0
Re: Mobile Client - Best Solution?
«
Reply #4 on:
June 30, 2023, 12:40:45 pm »
We´re currently switching all Client VPNs to OpenVPN witch works great for use becaus we can provide all functions we want:
- Authentication against Windows Domain Controller
- Access rules for groups and users
- Easy client setup on all used operating systems including mobile devices
Best regards from rainy germany
Norbert
Logged
tiermutter
Hero Member
Posts: 1095
Karma: 61
Re: Mobile Client - Best Solution?
«
Reply #5 on:
June 30, 2023, 02:59:52 pm »
Sounds good.
Also best regards from rainy Germany...
Logged
i am not an expert... just trying to help...
Print
Pages: [
1
]
« previous
next »
OPNsense Forum
»
Archive
»
22.7 Legacy Series
»
Mobile Client - Best Solution?