Actions
Feature #8346
openAllow pfSense to act as an IPsec VPN client
Status:
New
Priority:
Low
Assignee:
-
Category:
IPsec
Target version:
-
Start date:
Due date:
% Done:
0%
Estimated time:
Plus Target Version:
Release Notes:
Description
It would be useful to let pfSense act as a VPN client itself and let it share a mobile style VPN connection to a remote server.
This would require multiple changes to IPsec and interfaces:
- IPsec P1 would need a way to configure IKEv2 authentication (e.g. EAP type, user/pass, etc.)
- IPsec configuration would need a way to pull a dynamic address and other settings from the server (e.g. "vips" config in strongSwan, along with other settings like DNS, gateway and so on)
- It's not clear if this would work with enc0 or would need a dedicated interface like VTI
- Would need a way to assign that interface in the UI so it could be used for typical interface things, if possible
- Not clear if it would suffer the same limits for NAT that currently exist, which complicates things further.
Related issues
Updated by Jim Pingle almost 2 years ago
- Subject changed from Let pFSense act as an IPSec XAuth VPN Client to Allow pfSense to act as an IPsec VPN client
- Description updated (diff)
- Priority changed from Normal to Low
- Target version deleted (
Future) - Start date deleted (
02/23/2018)
Making this more general since Xauth is pretty much dead.
Updated by Jim Pingle almost 2 years ago
- Has duplicate Bug #13788: Allow IPSEC .vips-configuration in GUI - connections.<conn>.vips ModeConfig added
Actions