On Apr 11, 2011, at 4:07 PM, RB wrote:

> I'm actually pretty interested in the fact that on the surface it
> looks like 2.0 can support the OS X 10.6 native Cisco VPN client out
> of the box.  Has anyone had any success doing so?  OpenVPN and
> Viscosity/Tunnelblick are nice, but not having to pay $9/client and
> not installing additional software is even more so.


The latter aspect is what motivates me to try and get IPsec working fully. :-)

I have had some success with the built-in Cisco IPSec client, with problems 
documented here: http://www.mail-archive.com/support@pfsense.com/msg21912.html.
I am using Mutual PSK + Xauth with AES-256 and SHA-1 in my Phase 1 proposal.  
I have two Phase 2 entries: one for each private network behind the pfSense 
gateway.  In the mode-cfg section of the Mobile Clients section I provide a 
private DNS default domain and DNS server to clients.  This split DNS appears 
to work well.  I've been able to connect from Mac OS X 10.6 systems and 
iPhones/iPod Touches.

Unfortunately, the setup only appears to work properly when clients are 
connecting from behind a NAT (i.e., when IPsec NAT-T is being used).  I'm new 
to pfSense, so I'm not sure whether the problem lies with my configuration or 
with the Mac OS X client side. :-(

> Going to try testing this week.

I'd be very interested in hearing if you manage to get non NAT-T connections 
working.

Cheers,

Paul.


