FireBrick Road Warrior Certificate Authentication

It is possible to use client certificate authentication instead of EAP users. This method may be preferable to some, as there is then no EAP password viewable in the FireBrick's configuration.
 
This page is a work-in-progress and is not currently complete.
 
= Step 2 - Configuring the FireBrick =
 
The configuration of the FireBrick is much the same as the configuration for using EAP secrets at [[FireBrick_Road_Warrior_FireBrick_Config]], but with two changes:
* peer-auth-method is set to "Certificate" rather than EAP
* no need to add any EAP users.
 
Example:
<syntaxhighlight lang=xml>
<ipsec-ike>
  <connection name="server" roaming-pool="roam-pool" auth-method="Certificate" peer-auth-method="Certificate" mode="Wait" local-ID="FQDN:server.example.com"/>
  <roaming name="roam-pool" ip="[ranges of LAN IPs]" DNS="[DNS, e.g. 8.8.8.8]"/>
</ipsec-ike>
</syntaxhighlight>
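A check that can be run over the configuration before it is uploaded, given here as an added example (it is not FireBrick tooling and not part of the original page). It uses only the element and attribute names shown in the example above and reports any roaming connection whose peer-auth-method is not Certificate, a roaming-pool that is not defined, and bracketed placeholders left unfilled. The sample input is constructed and the function name is hypothetical.

```python
import xml.etree.ElementTree as ET

# Constructed sample: the page's snippet with the peer method left as EAP
# and the bracketed placeholders still in place.
SAMPLE = """<ipsec-ike>
  <connection name="server" roaming-pool="roam-pool" auth-method="Certificate" peer-auth-method="EAP" mode="Wait" local-ID="FQDN:server.example.com"/>
  <roaming name="roam-pool" ip="[ranges of LAN IPs]" DNS="[DNS, e.g. 8.8.8.8]"/>
</ipsec-ike>"""


def local(tag):
    """Strip an XML namespace so the check also works on a namespaced export."""
    return tag.rsplit("}", 1)[-1]


def lint_ipsec(xml_text):
    """Return a list of findings for road-warrior certificate authentication."""
    elems = list(ET.fromstring(xml_text).iter())
    pools = {e.get("name") for e in elems if local(e.tag) == "roaming"}
    findings = []
    for e in elems:
        kind = local(e.tag)
        if kind not in ("connection", "roaming"):
            continue
        name = e.get("name", "?")
        # Bracketed text is a documentation placeholder, not a usable value.
        for attr, value in e.attrib.items():
            if value.startswith("[") and value.endswith("]"):
                findings.append(f"{kind} {name}: {attr} is still a placeholder")
        pool = e.get("roaming-pool")
        if kind != "connection" or pool is None:
            continue  # only roaming (road warrior) connections are checked further
        if pool not in pools:
            findings.append(f"connection {name}: roaming-pool {pool} is not defined")
        peer = e.get("peer-auth-method")
        if peer != "Certificate":
            findings.append(f"connection {name}: peer-auth-method is {peer!r}, not 'Certificate'")
    return findings


if __name__ == "__main__":
    for finding in lint_ipsec(SAMPLE):
        print(finding)
```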
 
 
 
= Step 3 - Configuring Devices =