Gotcha! The OpenVPN app was just recently updated, not sure if you have seen it.
Good luck! If you are able to get it working, please post!
Exactly my sentiment.
The new 3.x version of the OpenVPN app is actually pretty nice, and I’ve got no issues with it at all. Works great. OpenVPN is generally the “it just works” client where IPSEC just seems like it requires endless knob-fiddling—then even when (if?) you get a combination that works, all it takes is one badly configured WiFi network at the airport to unravel all your efforts.
Nice! I’m glad that link worked.
I know that link (first one), but I ran into a snag when I installed Apple Configurator and needed some sort of business login to use it (or something to that effect). When I reached that point I basically capitulated and bowed down to the power of the OpenVPN app.
Here you go
This is great, thank you. Very close to my config - do you happen to remember how you set up the payload for iOS to work with this config?
like it requires endless knob-fiddling—then even when (if?) you get a combination that works, all it takes is one badly configured WiFi network at the airport to unravel all your efforts.
Weird, I travel a lot for my job and have never experienced any of the things you have mentioned above.
No business account needed. I just downloaded it from Apple and away I went. Maybe some screenshots of what you're seeing?
Is ‘payload’ the management profile? I’m not too familiar with the terminology on that. What I like about my setup is I didn’t have to do anything with that. I can just manually configure the VPN in iOS directly:
Type: IKEv2
Server: [my FQDN w/ Let's Encrypt cert]
Remote ID: [same as server]
Local ID: [blank]
User auth: Username
Username: [EAP PSK identifier]
Password: PSK
See, that is what I was hoping you would say - but I just tried setting it up on the iOS client and it’s still failing. Are you on the latest iOS and pfS?
Yes, I am on the latest for both. The issue probably lies with pfSense since the iOS setup is pretty simple.
I think more info is needed. Can you post your:
  - IKEv2 settings
  - firewall settings
  - IPsec logs (Status / System Logs / IPsec)
- Are you still using your own CA?
- Does your server cert have a non-wildcard domain/subdomain? If not, try ensuring your cert isn’t relying on a wildcard.
- Or did you test with a Let's Encrypt cert?
- You definitely need a cert with a domain/sub-domain. You cannot have a wildcard and a sub-domain on the same cert with Let's Encrypt.
- Are you testing on your WLAN? Is this allowed by your settings?
- I’d recommend testing from cellular
- Is your install still working on Windows?
- Do you have access to an Android device? The strongSwan client will give more client log info
Ok, sorry it took me a bit - had some business travel to attend to.
https://imgur.com/a/0dyMrqX are some screenshots from my config. Still not working. It looks to me from the log that it can’t negotiate the right cipher from iOS based on the log entries. I added a snippet to the images as well.
Would love any of your input!
Just circling back on this - would love you to take a look at my settings! @hockey6611
This
After looking at https://grokdesigns.com/pfsense-ikev2-for-ios-macos-1/ and combining that with https://www.netgate.com/docs/pfsense/vpn/ipsec/ikev2-with-eap-tls.html#Import_the_CA_to_the_Client_PC, I was able to get Win10 and iOS working. Note the comment on setting the connection algorithms on part of of the first link! This was the formula for me to get it working.