This is the support site for Andrews & Arnold Ltd, a UK Internet provider. Information on these pages is generally for our customers but may be useful to others. Enjoy!

FireBrick Road Warrior Certificate Authentication: Difference between revisions

<indicator name="RoadW">[[File:Menu-Road-Warrior.svg|link=:Category:FireBrick IPsec Road Warrior|30px|Back up to the FireBrick Road Warrior Category Page]]</indicator>
It is possible to use client certificate authentication instead of EAP users. Some may prefer this method, as it avoids having an EAP password that is viewable in the FireBrick's configuration.
 
This page is a work-in-progress and is not currently complete.
 
= Step 2 - Configuring the FireBrick=
 
The configuration of the FireBrick is much the same as the configuration for EAP secrets at [[FireBrick_Road_Warrior_FireBrick_Config]], with two changes:
* peer-auth-method is set to "Certificate" rather than "EAP".
* There is no need to add any EAP users.
 
Example:
<syntaxhighlight lang=xml>
<ipsec-ike>
  <connection name="server" roaming-pool="roam-pool" auth-method="Certificate" peer-auth-method="Certificate" mode="Wait" local-ID="FQDN:server.example.com"/>
  <roaming name="roam-pool" ip="[ranges of LAN IPs]" DNS="[DNS, e.g. 8.8.8.8]"/>
</ipsec-ike>
</syntaxhighlight>
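One way to check a saved configuration against the changes listed above, as an added example that is not part of the original page or FireBrick's own tooling: it flags roaming connections whose peer-auth-method is not "Certificate" and connections whose roaming-pool has no matching roaming entry. The sample XML, its <code>config</code> wrapper element and the <code>audit</code> function are constructed for illustration; only element and attribute names from the example above are used.

```python
import xml.etree.ElementTree as ET

# Constructed sample (not a real configuration): one connection as in the
# page's example, and one still on EAP that points at a pool that is missing.
SAMPLE = """
<config>
  <ipsec-ike>
    <connection name="server" roaming-pool="roam-pool" auth-method="Certificate"
                peer-auth-method="Certificate" mode="Wait"
                local-ID="FQDN:server.example.com"/>
    <connection name="legacy" roaming-pool="old-pool" auth-method="Certificate"
                peer-auth-method="EAP" mode="Wait"/>
    <roaming name="roam-pool" ip="192.0.2.10-20" DNS="192.0.2.1"/>
  </ipsec-ike>
</config>
"""


def local(tag):
    """Element name without any '{namespace}' prefix the parser may add."""
    return tag.rsplit("}", 1)[-1]


def audit(xml_text):
    """Return a list of (connection name, finding) tuples."""
    root = ET.fromstring(xml_text)
    findings = []
    for ike in (e for e in root.iter() if local(e.tag) == "ipsec-ike"):
        # Pools defined alongside the connections in this ipsec-ike block.
        pools = {e.get("name") for e in ike if local(e.tag) == "roaming"}
        for conn in (e for e in ike if local(e.tag) == "connection"):
            pool = conn.get("roaming-pool")
            if pool is None:
                continue  # not a roaming connection; outside this check
            name = conn.get("name", "<unnamed>")
            peer = conn.get("peer-auth-method")
            if peer != "Certificate":
                findings.append(
                    (name, f"peer-auth-method is {peer!r}, not 'Certificate'"))
            if pool not in pools:
                findings.append(
                    (name, f"roaming-pool {pool!r} is not defined"))
    return findings


if __name__ == "__main__":
    for name, finding in audit(SAMPLE):
        print(f"{name}: {finding}")
```

An empty result means every roaming connection in the file requires a peer certificate and refers to a pool that exists.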
 
 
 
= Step 3 - Configuring Devices=