Bug #874

Creating IPSec Phase1 failes in BETA4-20100904-0228

Added by Rickard u over 9 years ago. Updated over 9 years ago.

Target version:
Start date:
Due date:
% Done:


Estimated time:
Affected Version:
Affected Architecture:


I am new to pfSense, but i must say I like it, so It might be a newbe error :)

When I try to start and setup the IPSec for mobile clients i get the following error:

The following input errors were detected:
The field 'Certificate Authority' is required.


#1 Updated by Jim Pingle over 9 years ago

  • Status changed from New to Rejected

It works fine if you select a method that does not require a certificate. It also works fine if you select RSA mode and choose a CA and Certificate.

If you use a method that requires a certificate, you must also have a certificate authority created/imported/chosen as well as the certificate itself.

Please use the forum, mailing lists, or IRC for support issues.

#2 Updated by Roop Singh over 9 years ago

Build Sat Sep 4 11:27:25 EDT 2010

140 $method = $pconfig['authentication_method'];
141 // Only require PSK here for normal PSK tunnels (not mobile) or xauth.
142 if ((($method "pre_shared_key") && (!$pconfig['mobile']))||($method "xauth_psk_server")) {
143 $reqdfields = explode(" ", "pskey");
144 $reqdfieldsn = array(gettext("Pre-Shared Key"));
145 } else {
146 $reqdfields = explode(" ", "caref certref");
147 $reqdfieldsn = array(gettext("Certificate Authority"),gettext("Certificate"));

Using PSK shouldn't prompt me for a CA but it does. I'm commenting out lines 146 and 147 just so I can create a phase 1 setting.

#3 Updated by Jim Pingle over 9 years ago

I have tried both a normal and mobile tunnel, and none of the PSK modes prompt me for a CA.

Again, please use the forum to gain additional feedback, not the ticket system.

#4 Updated by Roop Singh over 9 years ago

Very well, Rickard u here's my forum post:,28064.0.html

Also available in: Atom PDF