Netgate SG-1000 microFirewall

Author Topic: IKEv2  (Read 10167 times)

0 Members and 1 Guest are viewing this topic.

Offline AuZZZie

  • Jr. Member
  • **
  • Posts: 30
  • Karma: +0/-0
    • View Profile
IKEv2
« on: August 20, 2012, 06:09:43 pm »
Does pfSense 2 support IKEv2?

If not.. Why? A lot of vendors have had it since 2008.

Offline dhatz

  • Hero Member
  • *****
  • Posts: 1000
  • Karma: +5/-0
    • View Profile
Re: IKEv2
« Reply #1 on: August 20, 2012, 07:03:52 pm »
The short answer is no, since pfSense is currently using ipsec-tools (racoon) which only supports IKEv1.

Perhaps at some point in the future it may be replaced with StrongSWAN (http://wiki.strongswan.org/projects/strongswan/wiki/FreeBSD) which supports IKEv2.

Offline jimp

  • Administrator
  • Hero Member
  • *****
  • Posts: 21312
  • Karma: +1423/-26
    • View Profile
Re: IKEv2
« Reply #2 on: August 21, 2012, 07:19:25 am »
I doubt such a switch would happen, the times I have been forced to interact with StrongSWAN have not been pleasant, and the amount of work to switch it would be significant.

There is also Racoon2 but it doesn't seem to be very active.
Need help fast? Commercial Support!

Co-Author of pfSense: The Definitive Guide. - Check the Doc Wiki for FAQs.

Do not PM for help!

Offline dhatz

  • Hero Member
  • *****
  • Posts: 1000
  • Karma: +5/-0
    • View Profile
Re: IKEv2
« Reply #3 on: August 21, 2012, 08:24:31 am »
I guess this feature request is going to come up more often in the near future, by all those who need a Roadwarrior VPN solution that, unlike OpenVPN, won't require any software install on the client device.

Since PPTP is practically dead, we're left with L2TP/IPSec (MS Windows versions pre-Win7) and IPsec IKEv2 (Win7), none of which is currently supported by pfSense ...

Offline jimp

  • Administrator
  • Hero Member
  • *****
  • Posts: 21312
  • Karma: +1423/-26
    • View Profile
Re: IKEv2
« Reply #4 on: August 21, 2012, 09:08:45 am »
That may be, but that doesn't mean it'll happen any sooner.

Not unless someone either steps up and does the work or funds it.

OpenVPN works great, there's really no reason to stick to the old "I don't want to install a client" mantra.
Need help fast? Commercial Support!

Co-Author of pfSense: The Definitive Guide. - Check the Doc Wiki for FAQs.

Do not PM for help!

Offline stephenminta

  • Newbie
  • *
  • Posts: 10
  • Karma: +0/-0
    • View Profile
Re: IKEv2
« Reply #5 on: October 25, 2012, 08:42:42 pm »
Open VPN would be great if only Apple would allow the ap in the app store.............

Am I correct in the statements:

Mobile ipsec works with ios natively but not with windows 7,
openvpn works with windows 7 (with client installed) but not on an unjail broken iphone

Really want to avoid having to run both.

Any input greatly appreciated.

Offline jimp

  • Administrator
  • Hero Member
  • *****
  • Posts: 21312
  • Karma: +1423/-26
    • View Profile
Re: IKEv2
« Reply #6 on: October 30, 2012, 09:42:39 am »
Mobile IPsec works with pretty much anything except Windows' built-in client. You can install the Shrew Soft client to make it work there.

OpenVPN works with pretty much anything except iOS.
Need help fast? Commercial Support!

Co-Author of pfSense: The Definitive Guide. - Check the Doc Wiki for FAQs.

Do not PM for help!