Topic: IKE v2 - cannot get it to work on latest version (Read 860 times)
_pX_ (Newbie, Posts: 3, Karma: 0) on: September 13, 2023, 06:20:35 pm
Hi, I've got a few OPNsense installations with some VPNs (road warrior and also site-to-site) but cannot get the road warrior scenario to work on the latest version of OPNsense.
Is the guide still valid for the new version? I went through it using Tunnel Setting (legacy) and it doesn't work for me - I get an 809 error on the Windows RAS client. I tried two different installations, in two different locations.
Any thoughts?
Monviech (Cedrik) (Global Moderator, Hero Member, Posts: 1601, Karma: 176), Reply #1 on: September 13, 2023, 08:28:43 pm
Maybe this can help you.
https://forum.opnsense.org/index.php?topic=35840.0
Hardware: DEC740
_pX_ (Newbie, Posts: 3, Karma: 0), Reply #2 on: September 13, 2023, 09:31:11 pm
Thank you.
Tried method 1 without success - still getting error 809 in Windows RAS Client.
I use self signed certs like in old manual - is this OK?
Also you omitted "local name" in Pre-Shared Keys but there is no way to save such a combo...
Another question: should the user name in the client be written as "john" or "john@fqdn"?
Monviech (Cedrik) (Global Moderator, Hero Member, Posts: 1601, Karma: 176), Reply #3 on: September 13, 2023, 10:11:11 pm
EDIT: You were right, I corrected the mistake.
In pre shared keys the type is EAP and not PSK.
And the username can be anything you want, you can also just use john. In the client it has to be written the same as in the EAP Local Identifier. (So if the eap local identifier is john@fqdn, in the client the username is also john@fqdn)
Self signed certificate should still work if the certificate chain is in the Windows certificate store.
Also please verify that your firewall accepts udp 500 and udp 4500 and esp on the WAN port. The new IPsec configurations don't automatically add firewall rules anymore.
I have tested both configurations thoroughly so your feedback is really welcome if you find mistakes somewhere.
« Last Edit: September 16, 2023, 07:10:34 pm by Monviech »
Hardware: DEC740
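Added example (not part of the thread, and not OPNsense's own code): a check for the firewall point in Reply #3, that UDP 500, UDP 4500 and ESP must be passed on WAN because the new IPsec configurations no longer add rules automatically. The pf-style rule lines, the interface names igb0/igb1 and the numeric port display are constructed assumptions.

```python
# Added example: audit pf rules for the inbound flows IKEv2 needs on WAN.
# SAMPLE_RULES is constructed for illustration; the interface names (igb0,
# igb1) and the `pfctl -sr`-style layout with numeric ports are assumptions.
SAMPLE_RULES = """\
block drop in log on igb0 all
pass in quick on igb0 inet proto udp from any to (self) port = 500 keep state
pass in quick on igb1 inet proto udp from any to (self) port = 4500 keep state
pass in quick on igb0 inet proto tcp from any to (self) port = 443 flags S/SA keep state
pass out all keep state
"""

# Flows named in the reply: UDP 500 (IKE), UDP 4500 (NAT-T), ESP.
REQUIRED = {"udp/500": ("udp", "500"), "udp/4500": ("udp", "4500"), "esp": ("esp", None)}


def parse_pass_in(line):
    """Return (iface, proto, dst_port) for a 'pass in' rule, else None.
    A None field means the rule does not restrict that attribute."""
    tok = line.split()
    if tok[:2] != ["pass", "in"]:
        return None
    field = lambda w: tok[tok.index(w) + 1] if w in tok[:-1] else None
    dst = tok[tok.index("to"):] if "to" in tok else []
    port = None
    if "port" in dst:
        rest = dst[dst.index("port") + 1:]
        # Only "port = N" is understood; ranges and lists never match.
        port = rest[1] if len(rest) >= 2 and rest[0] == "=" else "unparsed"
    return field("on"), field("proto"), port


def missing_ipsec_rules(rules_text, wan):
    """List required flows that no 'pass in' rule on `wan` covers.
    Rule order and block/quick precedence are not modelled, so an empty
    result means the rules exist, not that they are guaranteed to win."""
    missing = dict(REQUIRED)
    for line in rules_text.splitlines():
        rule = parse_pass_in(line)
        if rule is None or rule[0] not in (None, wan):
            continue
        _, proto, port = rule
        for name, (need_proto, need_port) in list(missing.items()):
            if proto in (None, need_proto) and port in (None, need_port):
                del missing[name]
    return sorted(missing)


if __name__ == "__main__":
    print("missing on igb0:", missing_ipsec_rules(SAMPLE_RULES, "igb0"))
```

In the constructed sample the UDP 4500 rule sits on the wrong interface and there is no ESP rule, so both are reported as missing on igb0.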