Project

General

Profile

Actions

Feature #8346

open

Allow pfSense to act as an IPsec VPN client

Added by Michele Di Maria over 6 years ago. Updated almost 2 years ago.

Status:
New
Priority:
Low
Assignee:
-
Category:
IPsec
Target version:
-
Start date:
Due date:
% Done:

0%

Estimated time:
Plus Target Version:
Release Notes:

Description

It would be useful to let pfSense act as a VPN client itself and let it share a mobile style VPN connection to a remote server.

This would require multiple changes to IPsec and interfaces:

  • IPsec P1 would need a way to configure IKEv2 authentication (e.g. EAP type, user/pass, etc.)
  • IPsec configuration would need a way to pull a dynamic address and other settings from the server (e.g. "vips" config in strongSwan, along with other settings like DNS, gateway and so on)
    • It's not clear if this would work with enc0 or would need a dedicated interface like VTI
  • Would need a way to assign that interface in the UI so it could be used for typical interface things, if possible
  • Not clear if it would suffer the same limits for NAT that currently exist, which complicates things further.

Related issues

Has duplicate Bug #13788: Allow IPSEC .vips-configuration in GUI - connections.<conn>.vips ModeConfigDuplicate

Actions
Actions #1

Updated by Jim Pingle almost 2 years ago

  • Subject changed from Let pFSense act as an IPSec XAuth VPN Client to Allow pfSense to act as an IPsec VPN client
  • Description updated (diff)
  • Priority changed from Normal to Low
  • Target version deleted (Future)
  • Start date deleted (02/23/2018)

Making this more general since Xauth is pretty much dead.

Actions #2

Updated by Jim Pingle almost 2 years ago

  • Has duplicate Bug #13788: Allow IPSEC .vips-configuration in GUI - connections.<conn>.vips ModeConfig added
Actions

Also available in: Atom PDF