opnsense / core

OPNsense GUI, API and systems backend
https://opnsense.org/
BSD 2-Clause "Simplified" License

IPSec IKEv2 Mobile Windows 10 letsencrypt intermediate cert issue #3781

Closed rudiservo closed 4 years ago

rudiservo commented 5 years ago

Hey guys, I am leaving this for future reference and maybe someone can debug it better than I can.

I have an IPsec IKEv2 setup, I don't know if it is an issue with either Windows 10 1903 or something in the OPNsense Let's Encrypt or IPsec plugin.

I have tested with a Linux Client (Xubuntu 18.04 with network-manager ipsec plugin) and it works fine.

IPsec server seems to successfully transmit the certificate to the Windows client, nothing seems to be wrong there, but either the Let's Encrypt X3 intermediate cert is not being sent along, or there is an issue with Windows 10 that I don't know of.

If I add the X3 cert to Windows 10 1903 Intermediate trusted certs, it works fine and Windows can audit with no issues and connect to the VPN.

I am by no means a windows expert.
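The symptom described above (Linux accepts the server certificate, Windows only accepts it once the intermediate CA is installed by hand) is what you see when the certificate file handed to the IKEv2 daemon contains the leaf alone instead of leaf plus intermediate. The following is an added check, not code from the OPNsense project or from anyone in this thread: it splits a PEM bundle into certificates, reads the raw DER issuer and subject Name of each one, and confirms that every certificate is followed by the one that issued it. The certificates it runs on are synthetic, unsigned placeholders built inline so the example works offline; the names `vpn.example.net`, `Example Intermediate X3` and `Example Root CA` are constructed, not taken from the issue.

```python
"""Verify that a PEM bundle for an IKEv2 server carries the full chain (leaf, then intermediates)."""
import base64
import re

# Matches each PEM certificate block in a bundle (re.S lets '.' span lines).
PEM_RE = re.compile(rb"-----BEGIN CERTIFICATE-----(.*?)-----END CERTIFICATE-----", re.S)


def pem_to_ders(bundle):
    """Return the DER bytes of every certificate in a PEM bundle, in file order."""
    return [base64.b64decode(re.sub(rb"\s", b"", m.group(1))) for m in PEM_RE.finditer(bundle)]


def _tlv(buf, pos):
    """Read one DER TLV at pos; return (tag, value_start, value_end, next_tlv_pos)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                      # long form: next (length & 0x7F) bytes hold the length
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    return tag, pos, pos + length, pos + length


def _children(buf, start, end):
    """Yield (tag, whole_tlv_bytes) for each element inside a constructed DER value."""
    pos = start
    while pos < end:
        tag, _, _, nxt = _tlv(buf, pos)
        yield tag, buf[pos:nxt]
        pos = nxt


def issuer_and_subject(der):
    """Return the raw DER issuer Name and subject Name of an X.509 certificate."""
    _, vs, ve, _ = _tlv(der, 0)                         # Certificate ::= SEQUENCE
    _, tbs = next(_children(der, vs, ve))               # first element: tbsCertificate
    _, tvs, tve, _ = _tlv(tbs, 0)
    fields = [tlv for _, tlv in _children(tbs, tvs, tve)]
    if fields[0][0] == 0xA0:                            # optional [0] EXPLICIT version
        fields = fields[1:]
    # Order is fixed by RFC 5280: serial, signature, issuer, validity, subject, ...
    return fields[2], fields[4]


def check_chain(bundle):
    """Return (ok, message). ok is True when each cert is followed by its issuer;
    the last certificate's issuer is assumed to be a root in the client's trust store."""
    ders = pem_to_ders(bundle)
    if not ders:
        return False, "no certificates in bundle"
    names = [issuer_and_subject(d) for d in ders]
    for i in range(len(names) - 1):
        if names[i][0] != names[i + 1][1]:
            return False, "certificate %d is not followed by its issuer" % i
    if len(names) == 1 and names[0][0] != names[0][1]:
        return False, "leaf only: the intermediate CA that issued it is not in the bundle"
    return True, "%d certificates, each followed by its issuer" % len(names)


# ---- synthetic test data (constructed for this example; no signature, no key) ----
def _der(tag, body):
    n = len(body)
    if n < 128:
        return bytes([tag, n]) + body
    lb = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(lb)]) + lb + body


def _name(cn):
    """Name ::= SEQUENCE OF SET OF { OID commonName (2.5.4.3), UTF8String }"""
    atv = _der(0x30, _der(0x06, b"\x55\x04\x03") + _der(0x0C, cn.encode()))
    return _der(0x30, _der(0x31, atv))


def synthetic_cert_pem(subject_cn, issuer_cn):
    """Minimal Certificate-shaped DER with real issuer/subject fields, wrapped as PEM."""
    alg = _der(0x30, _der(0x06, b"\x2a\x86\x48\x86\xf7\x0d\x01\x01\x0b") + _der(0x05, b""))
    tbs = _der(0x30,
               _der(0xA0, _der(0x02, b"\x02")) +                      # version v3
               _der(0x02, b"\x01") +                                   # serialNumber
               alg + _name(issuer_cn) +
               _der(0x30, _der(0x17, b"190101000000Z") + _der(0x17, b"300101000000Z")) +
               _name(subject_cn) +
               _der(0x30, b""))                                        # empty SPKI placeholder
    cert = _der(0x30, tbs + alg + _der(0x03, b"\x00"))                 # empty signature
    return b"-----BEGIN CERTIFICATE-----\n" + base64.encodebytes(cert) + b"-----END CERTIFICATE-----\n"


LEAF = synthetic_cert_pem("vpn.example.net", "Example Intermediate X3")
INTERMEDIATE = synthetic_cert_pem("Example Intermediate X3", "Example Root CA")
ROOT = synthetic_cert_pem("Example Root CA", "Example Root CA")
LEAF_ONLY_BUNDLE = LEAF                  # what a Windows client cannot validate
FULL_BUNDLE = LEAF + INTERMEDIATE        # leaf followed by its issuer

if __name__ == "__main__":
    for label, bundle in (("leaf only", LEAF_ONLY_BUNDLE), ("leaf+intermediate", FULL_BUNDLE)):
        print(label, check_chain(bundle))
```

Run it against the real bundle with `check_chain(open("server.pem", "rb").read())`. Linux clients often mask a missing intermediate because NetworkManager/strongSwan can fill the gap from the system CA store, whereas the Windows IKEv2 client validates only what the server sends plus its own trust store, so a failing result here is the thing to fix on the server side before touching any client.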

mimugmail commented 5 years ago

You shouldn't use LE for private VPNs. Please use your own PKI where you control which CA is installed, then you will not see any problems.

rudiservo commented 5 years ago

@mimugmail I did try with my own PKI, it didn't work in Windows 10, even after importing it I can check again the certificate and the CA. But I am pretty much giving up on the idea of mobike, I can't see any feasible way to do per user/group ACLs or FW rules, so I am probably going to shift all users to OpenVPN.

mimugmail commented 5 years ago

Which guide did you follow? I tested many combinations and most of them work.

rudiservo commented 5 years ago

@mimugmail about 4 different ones, including the one on the OPNsense docs.

mimugmail commented 5 years ago

And which one of the 4 shall I use to reproduce? 1, 2, 3, or maybe 4? https://docs.opnsense.org/manual/vpnet.html#configuration

rudiservo commented 5 years ago

IKEv2 EAP-MSCHAPv2 and EAP-RADIUS both worked with Windows 10 1903 update, but I did have to import LE X3. With a self-signed CA, the imported CA and the cert for the server itself did not work in Windows. There was no issue with Ubuntu 18.04 NetworkManager: IPsec IKEv2 with self-signed certificates worked, with LE X3 I was unable to do the same.

Again I am no expert, usually the issue is between the chair and the keyboard, but this time I really do not know what is going on.

mimugmail commented 5 years ago

I'd suggest closing this issue here and opening a thread in the forums, with some screenshots and error messages. If LE works then it also has to work with a self-signed CA. The server cert does not need to be imported into Windows.

AdSchellevis commented 4 years ago

This issue has been automatically timed-out (after 180 days of inactivity).

For more information about the policies for this repository, please read https://github.com/opnsense/core/blob/master/CONTRIBUTING.md for further details.

If someone wants to step up and work on this issue, just let us know, so we can reopen the issue and assign an owner to it.