On 9/9/2011 5:00 PM, Jens Kühnel wrote: > thanks a lot for the confirmation. And special thanks to Jim. Your doc > is what I'm using at the moment. > > On an similar notion. > > PFSense 2.0 does not support IKEv2. > > Correct? > I will need Shrew and can't use native Windows7 IPSec Client?
You can't do L2TP+IPsec on 2.0, not the way most people expect it to work. It might work with Shrew, but it definitely does not work with Android/iOS. The problem is that most clients force the identifier to be their IP address, which in that kind of scenario is dynamic. Because you can't set the identifier in that scenario, it requires the server to accept anonymous PSKs, which is rather insecure. You may be able to tame the Shrew into doing the right thing though. Jim _______________________________________________ List mailing list [email protected] http://lists.pfsense.org/mailman/listinfo/list
