Hey,

It's where I'm setting the pre-shared keys on the pfsense box ... The only thing the VPN client on the mobile clients seems to complain about is that it can find a key to use ... :-(

Well, maybe I have just missed something ... Will try again later today.

This is the setup I'm trying to do on the pfsense box.
Isakmpd.conf file from the openbsd box ...

[General]
Retransmits= 8
Exchange-max-time= 120
Check-interval= 60
Renegotiate-on-HUP= 1
Policy-file= /etc/isakmpd/isakmpd.policy
Listen-on= (changed)

# X.509 certificate locations
[X509-certificates]
CA-directory= /etc/isakmpd/ca/
Cert-directory= /etc/isakmpd/certs/

[Phase 1]
Default= ISAKMP-clients

[Phase 2]
Passive-Connections= IPsec-clients

# Phase 1 peer sections
#######################

[ISAKMP-clients]
Phase= 1
Transport= udp
Configuration= PGP-main-mode
Authentication= xxxxx(changed)
# ID= my-ID

[my-ID]
ID-Type= FQDN
Name= xxx.xxx.xx

# Phase 2 sections
##################

[IPsec-clients]
Phase= 2
Configuration= PGP-quick-mode
Local-ID= default-route
Remote-ID= dummy-remote

# Virtual Addresses for remote users
####################################
# In order to get this to work you need to add one [ufqdn/email_address]
# section per user that needs a virtual address.

[ipv4/62.242.60.170]
Address= 192.168.10.80
Netmask= 255.255.255.0
Nameserver= 192.168.10.10
# WINS-server= 10.0.1.2

# Client ID sections
####################

[default-route]
ID-type= IPV4_ADDR_SUBNET
Network= 0.0.0.0

[dummy-remote]
ID-type= IPV4_ADDR
Address= 0.0.0.0

[PGP-main-mode]
DOI= IPSEC
EXCHANGE_TYPE= ID_PROT
Transforms= 3DES-MD5,3DES-MD5-RSA_SIG

[PGP-quick-mode]
DOI= IPSEC
EXCHANGE_TYPE= QUICK_MODE
Suites= QM-ESP-3DES-MD5-SUITE

[3DES-MD5]
ENCRYPTION_ALGORITHM= 3DES_CBC
HASH_ALGORITHM= MD5
AUTHENTICATION_METHOD= PRE_SHARED
GROUP_DESCRIPTION= MODP_1024
Life= LIFE_1_DAY

[3DES-MD5-RSA_SIG]
ENCRYPTION_ALGORITHM= 3DES_CBC
HASH_ALGORITHM= MD5
AUTHENTICATION_METHOD= RSA_SIG
GROUP_DESCRIPTION= MODP_1024
Life= LIFE_1_DAY

# Lifetimes
###########

[LIFE_1_DAY]
LIFE_TYPE= SECONDS
LIFE_DURATION= 86400,79200:93600

Kind regards
Mikael Syska

-----Original Message-----
From: Holger Bauer [mailto:[EMAIL PROTECTED]
Sent: 17 October 2006 16:31
To: [email protected]
Subject: RE: [pfSense-discussion] IPSEC with wildcard for pre-shared keys

Not really getting the problem. Where do you try to set the wildcard IP? At the mobile clients tab or at the preshared keys tab? Usually the identifier is just to identify the client (just like the name says) and shouldn't have anything to do with routing.

Holger

> -----Original Message-----
> From: Mikael Syska [mailto:[EMAIL PROTECTED]
> Sent: Tuesday, October 17, 2006 4:08 PM
> To: [email protected]
> Subject: [pfSense-discussion] IPSEC with wildcard for pre-shared keys
>
>
> Hi,
>
> This concerns mobile clients ....
>
> I have multiple VPN users running against an OpenBSD atm, but I want to
> convert it into a pfsense box, they all use the same preshared key
> right now, and I don't want to change them.
>
> In the other setup I could specify a wildcard ip as 0.0.0.0 that they
> use as the identifier, but that does not work here, here I need to
> enter the LAN ip address of the client like: 192.168.32.200 then the
> client connects just fine .... and I don't want to enter all possible
> IP addresses that the clients could get :-) ? is there anything I'm
> missing here?
>
> How can I specify that all ip's can use this preshared with ipsec vpn?
> 0.0.0.0 does not work, but as mentioned above it works when I enter
> the LAN ip address....
>
> I will happily supply any additional information if needed ....
>
> kind regards
> Mikael Syska
>
