FireBrick Road Warrior Certificate Authentication: Difference between revisions
adding initial page |
No edit summary |
||
| Line 1: | Line 1: | ||
<indicator name="RoadW">[[File:Menu-Road-Warrior.svg|link=:Category:FireBrick IPsec Road Warrior|30px|Back up to the FireBrick Road Warrior Category Page]]</indicator> |
<indicator name="RoadW">[[File:Menu-Road-Warrior.svg|link=:Category:FireBrick IPsec Road Warrior|30px|Back up to the FireBrick Road Warrior Category Page]]</indicator> |
||
It is possible to use Client Certificate authentication instead of using EAP Users. |
It is possible to use Client Certificate authentication instead of using EAP Users. This method may be preferable to some, as your EAP password is not viewable from the FireBrick's configuration. |
||
This page is a work-in-progress and is not currently complete. |
This page is a work-in-progress and is not currently complete. |
||
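Review bot: The sentence added to the intro, "as your EAP password is not viewable from the FireBrick's configuration", reads as if an EAP password still exists but is hidden, whereas the page's point is that certificates are used instead of EAP users, so there is no EAP password to store. Suggest wording along the lines of "as no EAP password has to be stored in the FireBrick's configuration", and dropping "to some" so the reason is stated directly.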
| Line 35: | Line 35: | ||
= Step 2 - Configuring the FireBrick= |
= Step 2 - Configuring the FireBrick= |
||
The configuration of the FireBrick is much the same as the configuration for using EAP secrets at [[FireBrick_Road_Warrior_FireBrick_Config]], but with two changes: |
|||
* peer-auth-method is set to "Certificate" rather than EAP |
|||
* no need to add any EAP users. |
|||
Example: |
|||
<syntaxhighlight lang=xml> |
|||
<ipsec-ike> |
|||
<connection name="server" roaming-pool="roam-pool" auth-method="Certificate" peer-auth-method="Certificate" mode="Wait" local-ID="FQDN:server.example.com"/> |
|||
<roaming name="roam-pool" ip="[ranges of LAN IPs]" DNS="[DNS, e.g. 8.8.8.8]"/> |
|||
</ipsec-ike> |
|||
</syntaxhighlight> |
|||
= Step 3 - Configuring Devices= |
= Step 3 - Configuring Devices= |
||
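Review bot: The example connection element in Step 2 sets only name, roaming-pool, auth-method, peer-auth-method, mode and local-ID, so the step never says which CA the FireBrick validates client certificates against or whether the accepted peer identities should be restricted. Since that decides who can connect, add a sentence covering it, or a pointer to the step that does. Separately, the placeholders "[ranges of LAN IPs]" and "[DNS, e.g. 8.8.8.8]" sit inside attribute values and will be pasted literally, so say in the text that they must be replaced, and quote EAP in the first bullet the same way as "Certificate".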