On 06/17/2015 09:53 AM, Adam Thompson wrote:
> So far, PPTP and IKEv2 (using EAP-MSCHAPv2) appear to be the only
> options, and while PPTP works fine, it's insecure. (This isn't actually
> a problem for my use case, but since it's going away and certainly isn't
> getting any love in pfSense, I'm leaving it behind.)
>
> IKEv2 just... never works. I'm pretty darn sure (99.999%) my
> certificate meets the requirements.
>
> Are there any tricks that aren't obvious?

I've set it up several times; all of the knowledge I've been able to
gather has been dumped into the wiki:

https://doc.pfsense.org/index.php/IKEv2_with_EAP-MSCHAPv2
https://doc.pfsense.org/index.php/IKEv2_with_EAP-TLS

I marked the most commonly missed and most important parts of the
configs with a warning graphic to help them stand out.

Usually problems are with the certificate, either with generating the
cert (missing the SAN, for example) or importing it into the client
properly (perhaps it wasn't imported into "Trusted Root Certification
Authorities" under "Local Machine").

Jim
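
Added example, not part of the original message or the pfSense wiki: a shell check for the "missing the SAN" problem mentioned in the reply, testing whether a certificate's SAN lists the hostname or IP that clients connect to. It assumes OpenSSL 1.1.1 or newer and a PEM file; the helper names are hypothetical, and `vpn.example.com` and `192.0.2.10` are constructed sample values.

```shell
#!/usr/bin/env bash
# Added example: check that a server certificate lists the address VPN clients
# connect to in its Subject Alternative Name (SAN) extension.
# Assumptions: PEM input, OpenSSL 1.1.1+; exact matches only (no wildcards), IPv4 only.

# list_san <cert.pem>: print the DNS and IP SAN entries, one per line.
list_san() {
    openssl x509 -in "$1" -noout -ext subjectAltName 2>/dev/null |
        tr ',' '\n' | sed 's/^[[:space:]]*//' | grep -E '^(DNS|IP Address):'
}

# san_covers <cert.pem> <hostname-or-ipv4>: succeed if the SAN contains it.
san_covers() {
    case "$2" in
        *[!0-9.]*) want="DNS:$2" ;;         # anything but digits and dots: hostname
        *)         want="IP Address:$2" ;;  # digits and dots only: IPv4 literal
    esac
    list_san "$1" | grep -Fxiq -- "$want"   # hostnames compare case-insensitively
}

# make_sample_cert <out.pem> [openssl req options]: constructed self-signed
# certificate used only as sample input for the demo below.
make_sample_cert() {
    out=$1; shift
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=vpn.example.com" \
        -keyout "$out.key" -out "$out" "$@" 2>/dev/null
}

# Demo on two constructed certificates: one with a SAN, one with only a CN.
tmp=$(mktemp -d)
make_sample_cert "$tmp/good.pem" \
    -addext "subjectAltName=DNS:vpn.example.com,IP:192.0.2.10"
make_sample_cert "$tmp/nosan.pem"
for cert in good nosan; do
    if san_covers "$tmp/$cert.pem" vpn.example.com; then
        echo "$cert: SAN covers vpn.example.com"
    else
        echo "$cert: SAN does not cover vpn.example.com"
    fi
done
rm -rf "$tmp"
```

To check a real certificate, export it as PEM and call `san_covers server.pem <address the client dials>`.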
