Author Topic: IPSec PSK+XAuth Client - How to set XAuth option?  (Read 423 times)

Offline flob

IPSec PSK+XAuth Client - How to set XAuth option?
« on: November 02, 2017, 09:45:19 am »
Hi!

Is it possible to set up pfSense as an IPSec client with PSK + XAuth?

We have a customer whose network we need to connect to and they have only that VPN configured (and working with other clients).
I can connect with my Android phone and with a Windows client, but I can't find an option in the IPSec setup. For 'Authentication Method' only 'Mutual PSK' and 'Mutual RSA' are available.

I tried to hack the /var/etc/ipsec/* configs but without any success. I tried to dig into the source to find where those options are set, but I am lost.
It seems I need to add a line to ipsec.secrets with XAUTH type and add some (left|right)auth2 = xauth to ipsec.conf, ... but without any luck so far :-/

Does anybody know how to enable pfSense as an IPSec client with PSK+XAuth?

If that is not possible, where could I look in the source to enable it? Is there a guide on how a setting is passed through from the UI to a config? And then what would be needed in the strongswan? config?


Offline jimp

Re: IPSec PSK+XAuth Client - How to set XAuth option?
« Reply #1 on: November 02, 2017, 02:53:33 pm »
No, it is not possible for pfSense to act in that role.
Need help fast? Commercial Support!

Co-Author of pfSense: The Definitive Guide. - Check the Doc Wiki for FAQs.

Do not PM for help!

Offline Daz22

Re: IPSec PSK+XAuth Client - How to set XAuth option?
« Reply #2 on: December 16, 2017, 11:26:56 am »
Yes, this is possible.

VPN/IPSEC/MOBILE CLIENTS
Enable IPSEC mobile client support

User database
Local database (selected)

Save

In your p1 entry you should now have the option under p1 proposal.


Make sure when you create your users you go back in and add the XAUTH VPN User dial-in


Hope this helps!

Offline jimp

Re: IPSec PSK+XAuth Client - How to set XAuth option?
« Reply #3 on: December 18, 2017, 08:15:57 am »
> Yes, this is possible.
>
> VPN/IPSEC/MOBILE CLIENTS
> Enable IPSEC mobile client support
>
> User database
> Local database (selected)
>
> Save
>
> In your p1 entry you should now have the option under p1 proposal.
>
> Make sure when you create your users you go back in and add the XAUTH VPN User dial-in
>
> Hope this helps!

That's the wrong direction. That sets up an Xauth server. OP wants pfSense to act as an Xauth client to a remote server.
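
The client/server distinction from Reply #3, written out in strongSwan's ipsec.conf and ipsec.secrets syntax as an added example; it is not from any poster and is not a pfSense-generated or pfSense-supported configuration. Connection names, hostnames, subnets, the username and both secrets are constructed placeholders.

```conf
# ---- ipsec.conf: XAuth CLIENT (initiator), the role the original poster asks about ----
conn to-customer                      # hypothetical connection name
    keyexchange=ikev1                 # XAuth is an IKEv1 extension
    left=%defaultroute
    leftauth=psk                      # round 1: local side proves the shared PSK
    leftauth2=xauth                   # round 2: LOCAL side answers the XAuth request
    xauth_identity=vpnuser            # username sent in round 2 (constructed)
    leftsourceip=%config              # ask the gateway for a virtual IP (Mode Config)
    right=vpn.customer.example        # constructed gateway name
    rightauth=psk
    rightsubnet=192.0.2.0/24          # constructed remote network
    auto=start

# ---- ipsec.secrets on the client ----
# The PSK authenticates the peers; the XAUTH entry holds the per-user password.
%any vpn.customer.example : PSK "constructed-group-secret"
vpnuser : XAUTH "constructed-user-password"

# ---- ipsec.conf: XAuth SERVER (responder), the role the Mobile Clients steps configure ----
conn mobile-clients                   # hypothetical connection name
    keyexchange=ikev1
    left=%defaultroute
    leftauth=psk
    leftsubnet=198.51.100.0/24        # constructed local network
    right=%any                        # accept clients from any address
    rightauth=psk
    rightauth2=xauth                  # round 2: REMOTE side must pass XAuth, this end verifies it
    rightsourceip=10.99.0.0/24        # constructed virtual IP pool handed to clients
    auto=add
```

The line that decides the role is which side carries `auth2=xauth`: on `left` the local host is the XAuth client, on `right` it is the server that checks users against its database.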