IPSec Windows Client Setup

My system profile is https://fireinfo.ipfire.org/profile/24d46e1e39213a1e23b00eb0b0afeeed7952d380
I am having an epic fail trying to get a Windows 10 client setup to use the builtin client to connect using IPSec.

Hi !
I’m working at the same issue… i cannot get it working with windows 10 Pro and Android (S21)
on both sides i’m hanging on importing certs…
In windows i cannot find them when they are imported and cannto setup connection (it tries with wrong cert) and in android i cannot import (pem you cannot install w/o private key and p12 always complain about wrong password (but pw inserted is to 1000% ok)
So a giude to do this on mobile / laptop devices would be nice…

Ciao Gerd

Hi there. I have tried to get a win10 roadwarrier to connect to an IPFire box using IPsec but I have never managed to get it up and running, despite the Wiki and other hints on the web. After countless frustrating hours I overcame my inner dislike for 3rd party software and installed OpenVPN Community client on the roadwarriors and activated it on the IPFire box. And after a very short and surprisingly painless configuration the connections work just great! Very stable, very fast, even with the most complex ciphers etc. No matter where the roadwarrios get internet (over mobile, throught some NAT-routers, strange dial-in stuff etc.) I just start OpenVPN on the roadwarrior, right-click on the connection and chose to connect. A few seconds later the connection is up and running and the roadwarriors and reach the server and printers in the headquarters network.

I’ve been using it for about 3 years now and can really recommend using OpenVPN instead of IPsec.

However, if anyone can write an idiot-proof step-by-step-instrucion on how to connect a Win10 roadwarrior to IPFire using IPsec I would like to try that out too :wink: .

1 Like

I’m working at the same issue too…
I’m new to the IPFire, and installed latest core 160, the issue seems still remained.
Do you finally solved the problem or find out any workarond?

it seems there is a problem with the p12-certificates generated by ipfire. I have tried to extract the cert and the key by openssl (openssl pkcs12 -nokeys -clcerts -in filename.p12 -out filename_key.pem and openssl -nocerts -in filename.p12 -out filename_key.pem) it results in this error “wrong tag”: :error:0D0680A8:asn1 encoding routines:asn1_check_tlen:wrong tag:crypto/asn1/tasn_dec.c:1149:
135787512087936:error:0D07803A:asn1 encoding routines:asn1_item_embed_d2i:nested asn1 error:crypto/asn1/tasn_dec.c:309:Type=PKCS12_MAC_DATA


Hi all,

it seems like this topic completely fell through the cracks within the past months. Apologies for that. :frowning:

Should this problem persist, please file a bug for it so we can keep track of it and finally solve it. Your login credentials work on https://bugzilla.ipfire.org/ (our bugtracker) as well.

Thanks, and best regards,
Peter Müller