Home
Help
Search
Login
Register
OPNsense Forum
»
Archive
»
20.1 Legacy Series
»
IPSec - Multiple phase 1 configuration issue
« previous
next »
Print
Pages: [
1
]
Author
Topic: IPSec - Multiple phase 1 configuration issue (Read 2246 times)
dsimoes
Newbie
Posts: 2
Karma: 0
IPSec - Multiple phase 1 configuration issue
«
on:
March 26, 2020, 03:10:14 pm »
Hi everyone,
I'm trying to accomplish the following:
- Setup IPSec VPN with EAP-MSCHAPv2 via IKEv2 (Windows machines RoadWarriors)
- Setup IPSec VPN with Mutual PSK +Xauth via IKEv1 (Android RoadWarriors)
I configured each one of the above alone and they work properly, but I cannot get both scenarios setup.
In theory It should be possible by adding a new Phase 1 tunnel, but as soon as I configure one of the above, the second phase one only shows me these as possible choice for Authentication Method:
- Mutual RSA
- Mutual Public Key
- Mutual PSK
What am I missing? Is this not possible?
Thank you for your help.
Logged
dsimoes
Newbie
Posts: 2
Karma: 0
Re: IPSec - Multiple phase 1 configuration issue
«
Reply #1 on:
March 30, 2020, 03:46:06 pm »
Ok, so no replies here
I searched a bit more, even on pfsense side, and it seems this is a limitation of the GUI for configuring such scenarios.
It's too bad, my old VPN (debian + strongswan) was configured this way and it was pretty straight forward.
I guess maybe the solution is to try to configure ipsec.conf manually? the issue is that eventually It will get replaced by the OPNsense GUI / services..
Logged
hbc
Hero Member
Posts: 501
Karma: 47
Re: IPSec - Multiple phase 1 configuration issue
«
Reply #2 on:
April 02, 2020, 10:11:53 pm »
Just use the
/usr/local/etc/ipsec.opnsense.d
directory for your manual configuration files. They get included and are not affected by GUI changes.
Different lease pools for groups, dual-stack pools, eap-radius, etc. There you can use whole bunch of strongswan features that are not accessible by GUI.
There exist also
strongswan.opnsense.d
and
ipsec.secrets.opnsense.d
«
Last Edit: April 02, 2020, 10:13:32 pm by hbc
»
Logged
Intel(R) Xeon(R) Silver 4116 CPU @ 2.10GHz (24 cores)
256 GB RAM, 300GB RAID1, 3x4 10G Chelsio T540-CO-SR
Print
Pages: [
1
]
« previous
next »
OPNsense Forum
»
Archive
»
20.1 Legacy Series
»
IPSec - Multiple phase 1 configuration issue