Home
Help
Search
Login
Register
OPNsense Forum
»
Archive
»
16.7 Legacy Series
»
Ipsec
« previous
next »
Print
Pages: [
1
]
2
Author
Topic: Ipsec (Read 16544 times)
vadimkara
Newbie
Posts: 6
Karma: 0
Ipsec
«
on:
July 12, 2016, 03:06:01 pm »
Why there is no EAP-MSACHAPv2, authentication method? It's very usefull to connect remote desktop stations.
Logged
fabian
Hero Member
Posts: 2769
Karma: 200
OPNsense Contributor (Language, VPN, Proxy, etc.)
Re: Ipsec
«
Reply #1 on:
July 12, 2016, 03:27:02 pm »
at least it looks possible:
https://wiki.strongswan.org/projects/strongswan/wiki/Win7EapMultipleConfig
Logged
vadimkara
Newbie
Posts: 6
Karma: 0
Re: Ipsec
«
Reply #2 on:
July 12, 2016, 04:55:55 pm »
its 100% possible in strongswan, but no frontend for this feature
Logged
AdSchellevis
Administrator
Hero Member
Posts: 907
Karma: 184
Re: Ipsec
«
Reply #3 on:
July 12, 2016, 09:37:10 pm »
Hi vadimkara,
eap-mschapv2 should be quite easy to add, I don't have time to test, but if you want to give it a try, this commit may work:
https://github.com/opnsense/core/commit/4638d99c0a51a3286f324f0036310e95ce81fef2
Code:
[Select]
opnsense-patch 4638d99c
The config is generated to /usr/local/etc/ipsec.conf.
Regards,
Ad
Logged
vadimkara
Newbie
Posts: 6
Karma: 0
Re: Ipsec
«
Reply #4 on:
July 13, 2016, 08:55:24 am »
Plaease add "Peer identifier" any, and fix ui bug
Logged
AdSchellevis
Administrator
Hero Member
Posts: 907
Karma: 184
Re: Ipsec
«
Reply #5 on:
July 13, 2016, 08:49:10 pm »
Did you try the current setup and inspect the config?
I don't think peer identifier is used for other then psk options..... (see function ipsec_find_id() and use of it in ipsec.inc)
In case you don't have time to test, please let me know, I can easily revert/undo the changes.... like I said, I don't have enough time at the moment to test this myself.
Logged
vadimkara
Newbie
Posts: 6
Karma: 0
Re: Ipsec
«
Reply #6 on:
July 18, 2016, 07:01:01 am »
dont working at all error 809
Logged
AdSchellevis
Administrator
Hero Member
Posts: 907
Karma: 184
Re: Ipsec
«
Reply #7 on:
July 18, 2016, 11:40:41 am »
ok, I've reverted the changes.
In case you want to investigate further and pinpoint the needed changes in ipsec.conf for your configuration, just let me know. It's probably very easy to add, as long as you have a setup to test and time to spare.
Logged
voltara2000
Newbie
Posts: 6
Karma: 0
Re: Ipsec
«
Reply #8 on:
October 01, 2016, 04:32:25 am »
Could you please add option to select preshared key as EAP or PSK.
If I manually go to var/local/etc/ipsec.secrets and change default PSK to EAP after restart ipsec service via gui I end up with key type set as PSK again. When I do connect from windows 7 using EAP-MSCHAPv2 the log on opnsense shows that it is missing EAP key to authenticate.
Thank you.
Logged
AdSchellevis
Administrator
Hero Member
Posts: 907
Karma: 184
Re: Ipsec
«
Reply #9 on:
October 01, 2016, 08:44:24 am »
Hi Voltara2000,
Can you create an issue on github (
https://github.com/opnsense/core/issues
) for your feature request?
This helps us keeping track of our open requests.
Best regards,
Ad
Logged
voltara2000
Newbie
Posts: 6
Karma: 0
Re: Ipsec
«
Reply #10 on:
October 11, 2016, 04:39:14 pm »
Hi,
Unfortunately, I don't have an account for github. Don't want to open one just for this. Could you or someone else make a future request on github? This should allow using windows 7, 8 or 10 build in vpn to be able to make roadwarrior to office network.
Thank you,
Andrei
Logged
fabian
Hero Member
Posts: 2769
Karma: 200
OPNsense Contributor (Language, VPN, Proxy, etc.)
Re: Ipsec
«
Reply #11 on:
October 11, 2016, 10:17:51 pm »
Created:
https://github.com/opnsense/core/issues/1214
Logged
franco
Administrator
Hero Member
Posts: 17668
Karma: 1611
Re: Ipsec
«
Reply #12 on:
October 12, 2016, 07:07:11 pm »
And fixed.
Logged
voltara2000
Newbie
Posts: 6
Karma: 0
Re: Ipsec
«
Reply #13 on:
October 13, 2016, 03:26:59 pm »
Thank you very much!
Cannot wait to give this a test. Would this fix be included in 16.7.7 update?
Logged
fabian
Hero Member
Posts: 2769
Karma: 200
OPNsense Contributor (Language, VPN, Proxy, etc.)
Re: Ipsec
«
Reply #14 on:
October 13, 2016, 03:30:37 pm »
If you cannot wait you can use the opnsense-patch utility on the command line to fetch the commit
Logged
Print
Pages: [
1
]
2
« previous
next »
OPNsense Forum
»
Archive
»
16.7 Legacy Series
»
Ipsec