
For the VPN config to work, we’ll need a Certificate Authority (CA) and a server certificate. If you already have them, you can skip the following three parts; if not, I’ll show you how to create them. Install libraries and plugins for strongSwan client. Windows 10, Windows 2012R2, Windows 2016 clients. The certificate is the same for all clients, but the username/password is not.

How does this work? Each client will receive a certificate, a username and a password. Unfortunately, pfSense does not support multiple mobile client configs as of 2.4.2, so I will use only one pfSense config for all mobile clients. If you are using different versions of the OS or the client, it might not work. I’ll list the server/client version for each configuration, so you’ll know which versions it works with.

There are many different IPsec VPN implementations and versions, so even the slightest update can make the VPN fail. I’ll be using IPsec IKEv2 with AES256/SHA256/MSChapV2/DH14 on the pfSense side (strongSwan IPsec implementation), and the clients will use various VPN clients. I’ve used the official howto from pfSense, but it’s a little bit outdated and doesn’t cover non-GUI Linux/FreeBSD, so I’ve made some changes. Lately, I was playing with pfSense, trying to access my internal resources from outside (mostly my Plex server), so I made this tutorial on how to access my home network.
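A strongSwan client connection that pins the suite named above (IKEv2, AES256/SHA256, DH group 14, EAP-MSCHAPv2 for the user, certificate for the server), as an added example that is not from the original post. The host name `vpn.example.com`, the user `vpnuser`, the subnet `192.168.1.0/24` and the connection name are placeholders, and the ESP line assumes no PFS group is set on the pfSense side.

```conf
# /etc/ipsec.conf on a non-GUI Linux/FreeBSD strongSwan client
# Placeholders (assumptions, not from the post): vpn.example.com, vpnuser,
# 192.168.1.0/24, and the connection name pfsense-ikev2.

conn pfsense-ikev2
    keyexchange=ikev2

    # IKE proposal: AES-256 / SHA-256 / DH group 14 (modp2048 is group 14).
    # The trailing "!" makes the proposal strict: only this suite is offered,
    # so a mismatch fails the connection instead of negotiating something else.
    ike=aes256-sha256-modp2048!

    # ESP proposal. Assumes no PFS group on the server; if one is configured
    # on pfSense, append the matching group (for DH14: aes256-sha256-modp2048!).
    esp=aes256-sha256!

    # Client side: per-user EAP-MSCHAPv2 credentials, virtual IP from the server.
    left=%defaultroute
    leftsourceip=%config
    leftauth=eap-mschapv2
    eap_identity=vpnuser

    # Server side: authenticated by its certificate, which must chain to the CA
    # certificate installed on the client (ipsec.d/cacerts/ under the strongSwan
    # config directory). rightid must match the identity in the server certificate.
    right=vpn.example.com
    rightid=vpn.example.com
    rightauth=pubkey
    rightsubnet=192.168.1.0/24

    auto=add

# /etc/ipsec.secrets (keep this file readable by root only)
# vpnuser : EAP "constructed-example-password"
```

With strict proposals on the client, an algorithm mismatch shows up in the strongSwan log as a failed proposal negotiation rather than as a silent fallback, which makes it easier to spot when an update on either side changes the suite.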
