Project

General

Profile

Feature #8346

Updated by Jim Pingle almost 2 years ago

It Since it seems impossible for two PC in the LAN network to connect as Road Warriors to a remote VPN IPSec server, it would be useful to let pfSense PFSense act as a VPN client itself and let it share a mobile style the dialup VPN connection to a remote server.  

 This would require multiple changes As far as I have seen, it should be supported by strongSwan (https://www.cisco.com/c/en/us/support/docs/network-management/remote-access/117257-config-ios-vpn-strongswan-00.html), just it is needed to IPsec and interfaces: 

 * IPsec P1 would need a way to configure IKEv2 authentication (e.g. EAP type, user/pass, etc.) 
 * IPsec configuration would need a way to pull a dynamic address it through the pfSense GUI.  
 The two missing information for this kind of VPN connections are the XAuth Identity and other settings from password, plus the server (e.g. "vips" config in strongSwan, along with other settings different parameters, like DNS, gateway authby=xauthpsk, leftauth2=xauth and so on) 

   * It's not clear if on.  

 I create this would work with enc0 or would need a dedicated interface like VTI 

 * Would need a way to assign that interface issue in the UI so it could be used Redmine just as proposal for typical interface things, if possible 
 * Not clear if it would suffer the same limits for NAT that currently exist, which complicates things further. 
 future versions.

Back