For a mobile IPsec client, I use the Shrew Soft VPN Client. Others may work with similar settings, but I have used this configuration on several client workstations with success.
Install the Shrew Soft client and configure a new connection as follows:
Shrew Soft Client Config:
General Tab:
  Host:
  Port: 500
  Auto: Disabled
  Adapter: Use virtual adapter and assigned address
  Address: (pick some other random range you are not using, like 192.168.111.xx)
  Netmask: 255.255.255.0
The client address range should be a subnet of IP addresses that is not in use on any current interface. It cannot overlap any existing network that pfSense can reach directly.
Client Tab:
  Leave at defaults
Name Resolution Tab:
  Uncheck Enable WINS
  Uncheck Enable DNS
Authentication Tab:
  Authentication Method: Mutual PSK
  Local Identity:
    Type: Key Identifier
    Key ID: E-mail address
  Remote Identity:
    Type: IP Address
    [X] Use Discovered remote host address
  Credentials:
    Pre Shared Key: (PSK on server for this e-mail address)
Phase 1:
  Exchange Type: aggressive
  DH Exchange: Group 2
  Cipher Algorithm: 3DES
  Hash Algorithm: SHA1
  Key Life Time: 86400
Phase 2:
  Transform Algorithm: esp-3des
  HMAC Algorithm: SHA1
  PFS: Disabled
  Compress: disabled
  Key Life Time: 3600
Policy:
  UNCHECK Obtain Topology Automatically
  Click Add
    Type: Include
    Address: (Network behind pfSense you want to access, e.g. 192.168.1.0)
    Netmask: 255.255.255.0 (Or the appropriate Netmask for that network)
Using the Shrew Soft client is relatively easy, but if more details are needed, let me know.
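The rule that the client address range must not overlap any network pfSense can reach can be checked before the values go into the General tab. The Python sketch below is an added example, not part of the original instructions; the interface names and the OPT1 and routed networks are constructed sample values, while 192.168.111.x and 192.168.1.0 are the ranges used above.

```python
import ipaddress

# Constructed sample: networks the firewall can reach directly (assumed values).
REACHABLE = {
    "LAN": "192.168.1.0/24",       # network behind pfSense from the Policy tab
    "OPT1": "192.168.110.0/23",    # wider mask: silently covers 192.168.111.x
    "ROUTED": "10.0.0.0/8",        # static route to another site
}


def pool_network(address, netmask):
    """Network containing a client address, given address and dotted netmask."""
    # strict=False lets a host address such as .10 stand in for its network.
    return ipaddress.ip_network(f"{address}/{netmask}", strict=False)


def find_conflicts(pool, reachable):
    """Names of reachable networks that overlap the proposed client range."""
    return [name for name, cidr in reachable.items()
            if pool.overlaps(ipaddress.ip_network(cidr, strict=False))]


def suggest_pool(reachable, parent="192.168.0.0/16", prefix=24):
    """First subnet of `parent` that overlaps nothing reachable, or None."""
    used = [ipaddress.ip_network(c, strict=False) for c in reachable.values()]
    for candidate in ipaddress.ip_network(parent).subnets(new_prefix=prefix):
        if not any(candidate.overlaps(u) for u in used):
            return candidate
    return None


if __name__ == "__main__":
    pool = pool_network("192.168.111.10", "255.255.255.0")
    conflicts = find_conflicts(pool, REACHABLE)
    if conflicts:
        print(f"{pool} overlaps: {', '.join(conflicts)}")
        print(f"free alternative: {suggest_pool(REACHABLE)}")
    else:
        print(f"{pool} is safe to use as the client address range")
```

The /23 entry shows the case that is easy to miss by eye: a range that looks unused as a /24 can still sit inside a network defined with a shorter mask.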