Hi,

This concerns mobile clients ....

I have multiple VPN users running against an OpenBSD atm, but I want to convert it into a pfSense box. They all use the same preshared key right now, and I don't want to change them. In the other setup I could specify a wildcard IP as 0.0.0.0 that they use as the identifier, but that does not work here. Here I need to enter the LAN IP address of the client, like 192.168.32.200, and then the client connects just fine .... and I don't want to enter all possible IP addresses that the clients could get :-)

Is there anything I'm missing here? How can I specify that all IPs can use this preshared key with IPsec VPN? 0.0.0.0 does not work, but as mentioned above it works when I enter their LAN IP address....

I will happily supply any additional information if needed ....

Kind regards,
Mikael Syska

<ipsec>
  <preferredoldsa/>
  <enable/>
  <mobileclients>
    <enable/>
    <p1>
      <mode>main</mode>
      <myident>
        <myaddress/>
      </myident>
      <encryption-algorithm>3des</encryption-algorithm>
      <hash-algorithm>md5</hash-algorithm>
      <dhgroup>2</dhgroup>
      <lifetime/>
      <private-key/>
      <cert/>
      <authentication_method>pre_shared_key</authentication_method>
    </p1>
    <p2>
      <protocol>esp</protocol>
      <encryption-algorithm-option>3des</encryption-algorithm-option>
      <hash-algorithm-option>hmac_sha1</hash-algorithm-option>
      <pfsgroup>0</pfsgroup>
      <lifetime/>
    </p2>
  </mobileclients>
  <mobilekey>
    <ident>0.0.0.0</ident>
    <pre-shared-key>xxxxxxx(changed)</pre-shared-key>
  </mobilekey>
</ipsec>