Mobile Clients
Check "Enable IPsec Mobile Client Support"
Check "Provide a virtual IP address to clients"
Enter an unused subnet in the box and pick a subnet mask
Set any other desired options here
Save, apply, and create the Phase 1 entry if it doesn't exist.
Phase 1 settings
Authentication method: Mutual PSK + Xauth
Negotiation mode: aggressive
My identifier: My IP address
Peer identifier: User Distinguished Name, vpnusers@example.com
Pre-Shared Key: aaabbbccc
Policy Generation: Unique
Proposal Checking: Strict
Encryption Algorithm: AES 128
Hash Algorithm: SHA1
DH Key Group: 2
Lifetime: 86400
NAT Traversal: Force
Save
Phase 2 settings
Mode: Tunnel
Local Network: (your local network)
Protocol: ESP
Encryption Algorithms: AES 128 *only*
Hash Algorithms: SHA1 *only*
PFS key group: off
Lifetime: 28800
Save, apply
User Settings
Go to System > User Manager. Add a user and grant the user the xauth dialin permission, or add the user to a group that has this permission. Note that for xauth, the password used is the user's password, not the "IPsec Pre-Shared Key" field; that field is used for non-xauth IPsec.
Firewall Rules
Don't forget to add firewall rules to pass traffic from clients.
Firewall > Rules, IPsec tab. Add rules that match the traffic you want to allow, or add a rule to pass any protocol/any source/any destination to allow everything.
IPsec SA Preference
System > Advanced, Miscellaneous tab. Uncheck "Prefer Old IPsec SA".
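As an added example (not part of the original page), a small Python check that lints a mobile IPsec configuration against the settings above: it verifies that the virtual address pool does not overlap the local network, that Phase 1 and Phase 2 match the prescribed values, that Phase 2 offers AES 128 and SHA1 only, and that "Prefer Old IPsec SA" is unchecked. The dictionary field names and the sample networks are assumptions made for this example.

```python
import ipaddress

# Phase 1 / Phase 2 values this page prescribes for iOS clients (taken from the text above).
REQUIRED_P1 = {"auth": "Mutual PSK + Xauth", "mode": "aggressive", "my_id": "My IP address",
               "enc": "AES 128", "hash": "SHA1", "dh": 2, "nat_t": "Force"}
REQUIRED_P2 = {"mode": "Tunnel", "proto": "ESP", "pfs": "off"}

def check_mobile_ipsec(cfg):
    """Return a list of deviations from the page's settings; [] means the config matches."""
    problems = []
    pool = ipaddress.ip_network(cfg["virtual_pool"], strict=False)
    local = ipaddress.ip_network(cfg["local_network"], strict=False)
    if pool.overlaps(local):  # "Enter an unused subnet": the pool must not collide with the LAN
        problems.append(f"virtual pool {pool} overlaps local network {local}")
    p1 = cfg["phase1"]
    for key, want in REQUIRED_P1.items():
        if p1.get(key) != want:
            problems.append(f"phase1 {key}: got {p1.get(key)!r}, expected {want!r}")
    if "@" not in str(p1.get("peer_id", "")):
        problems.append("phase1 peer identifier must be a User Distinguished Name like user@domain")
    p2 = cfg["phase2"]
    for key, want in REQUIRED_P2.items():
        if p2.get(key) != want:
            problems.append(f"phase2 {key}: got {p2.get(key)!r}, expected {want!r}")
    # The page requires AES 128 *only* and SHA1 *only* in Phase 2; extra proposals are flagged.
    if set(p2.get("enc", [])) != {"AES 128"} or set(p2.get("hash", [])) != {"SHA1"}:
        problems.append("phase2 must offer AES 128 only and SHA1 only")
    if cfg.get("prefer_old_sa", True):
        problems.append('System > Advanced: "Prefer Old IPsec SA" must be unchecked')
    return problems

# Constructed sample matching the page's recipe (placeholder networks, not from the page).
GOOD = {
    "virtual_pool": "192.168.200.0/24", "local_network": "192.168.1.0/24",
    "phase1": {"auth": "Mutual PSK + Xauth", "mode": "aggressive", "my_id": "My IP address",
               "peer_id": "vpnusers@example.com", "enc": "AES 128", "hash": "SHA1",
               "dh": 2, "nat_t": "Force"},
    "phase2": {"mode": "Tunnel", "proto": "ESP", "enc": ["AES 128"], "hash": ["SHA1"], "pfs": "off"},
    "prefer_old_sa": False,
}

# Constructed sample with three of the mistakes this page warns about.
BAD = dict(GOOD, virtual_pool="192.168.1.128/25", prefer_old_sa=True,
           phase2=dict(GOOD["phase2"], enc=["AES 128", "AES 256"], hash=["SHA1", "SHA256"]))

if __name__ == "__main__":
    for name, cfg in (("good", GOOD), ("bad", BAD)):
        print(name, check_mobile_ipsec(cfg) or "OK")
```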
Troubleshooting
By default iOS will tunnel all traffic over the VPN, including traffic going to the Internet. If you are unable to access Internet sites once connected, you may need to push a DNS server to the client for it to use, such as the LAN IP address of your firewall if you have the DNS forwarder enabled, or a public DNS server such as 8.8.8.8/8.8.4.4. The reason for this is that your 3G provider is likely giving your mobile devices DNS servers that are only reachable from the provider's network. Once you connect to the VPN, those DNS servers are reached via the VPN instead of the 3G network, and the queries are likely to be dropped. Supplying a local or public DNS server works around that.
This page was last modified on 16 January 2013, at 22:28.