Thursday, 1 September 2016

PFSense Mobile Client IPSEC Setup (iOS & Android)

Steps:
Step 1 Enable Mobile Client for IPSec VPN





Step 2 Create Phase 1 For VPN



On the VPN: IPsec: Edit Phase 1: Mobile Client page, enter the following values:
| Key | Value | Remark |
|---|---|---|
| Disabled | not checked | |
| Interface | WAN | |
| Description | Mobile Clients | This can be anything, name it something appropriate. |
| Authentication method | Mutual PSK | |
| Negotiation mode | aggressive | |
| My identifier | My IP address | |
| Policy Generation | Unique | Might prevent traffic to the LAN if set to something else. |
| Proposal Checking | Strict | |
| Encryption algorithm | AES, 256 bits | Choose any, but keep it identical on router and client. |
| Hash algorithm | SHA1 | |
| DH key group | 2 | |
| Lifetime | 3600 | |
| NAT Traversal | Force | Might prevent traffic to the LAN if set to something else. |
| Dead Peer Detection | not checked | |







Step 3 Create Phase 2 For VPN

Click "+" to list the Phase 2 entries under the newly created Phase 1.



On the VPN: IPsec: Edit Phase 2: Mobile Client page, enter these values:
| Key | Value | Remark |
|---|---|---|
| Disabled | not checked | |
| Mode | Tunnel | |
| Local Network | LAN subnet | |
| Description | Phase 2 for road warriors | Enter something appropriate. |
| Protocol | ESP | |
| Encryption algorithms | select only 3DES | The best is chosen at handshake time. Others will probably work too. 3DES works for me because I have a mobile application that will work only with this. |
| Hash algorithms | Select SHA1 and MD5 | |
| PFS key group | Set to Group 2 | |
| Lifetime | 3600 | |
| Automatically ping host | leave empty | |
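
An added example (not part of the original post) that audits the Phase 1 and Phase 2 values entered above and reports which selections are weak by current standards. The severity labels, the 2048-bit DH floor and the STRONGER comparison proposal are assumptions of this example, not pfSense settings.

```python
# Added example: audit the Phase 1 / Phase 2 values shown in the tables above.
# Severity labels and the 2048-bit DH floor are this example's assumptions.
DH_BITS = {1: 768, 2: 1024, 5: 1536, 14: 2048, 15: 3072, 16: 4096}  # MODP groups
BLOCK64 = {"DES", "3DES", "BLOWFISH", "CAST128"}  # ciphers with a 64-bit block
RANK = {"high": 0, "medium": 1, "low": 2}

# Values transcribed from the two tables on this page.
PHASE1 = {"auth": "Mutual PSK", "mode": "aggressive", "enc": ["AES-256"],
          "hash": ["SHA1"], "dh": 2}
PHASE2 = {"enc": ["3DES"], "hash": ["SHA1", "MD5"], "dh": 2}
# Constructed comparison proposal, not taken from the page.
STRONGER = {"auth": "Mutual RSA", "mode": "main", "enc": ["AES-256"],
            "hash": ["SHA256"], "dh": 14}


def audit(cfg, min_dh_bits=2048):
    """Return (severity, code, detail) findings, most severe first."""
    out = []
    if cfg.get("mode") == "aggressive" and "PSK" in cfg.get("auth", ""):
        # IKEv1 aggressive mode returns a PSK-derived hash unencrypted, so a
        # captured handshake allows offline guessing of a weak key.
        out.append(("high", "aggressive-psk", "PSK hash exposed before encryption"))
    dh = cfg.get("dh")
    if dh is None:
        out.append(("medium", "no-dh", "no DH/PFS group selected"))
    elif dh not in DH_BITS:
        out.append(("low", "unknown-dh", f"group {dh} not in the MODP table"))
    elif DH_BITS[dh] < min_dh_bits:
        out.append(("high", "weak-dh", f"group {dh} is {DH_BITS[dh]}-bit MODP"))
    # The gateway accepts every algorithm ticked in a multi-select list, so
    # each entry is judged on its own: one weak entry is enough for a finding.
    for enc in cfg.get("enc", []):
        if enc.upper() in BLOCK64:
            out.append(("medium", "weak-cipher", f"{enc} has a 64-bit block"))
    for h in cfg.get("hash", []):
        if h.upper() == "MD5":
            out.append(("high", "weak-hash", "MD5 is accepted"))
        elif h.upper() == "SHA1":
            out.append(("low", "legacy-hash", "SHA1 is accepted"))
    return sorted(out, key=lambda f: (RANK[f[0]], f[1]))


if __name__ == "__main__":
    for name, cfg in (("Phase 1", PHASE1), ("Phase 2", PHASE2), ("Stronger", STRONGER)):
        print(name)
        for sev, code, detail in audit(cfg) or [("ok", "-", "no findings")]:
            print(f"  [{sev}] {code}: {detail}")
```

Because Phase 2 has both SHA1 and MD5 ticked, the audit reports MD5 even though a client may negotiate SHA1; unticking MD5 removes that finding.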


Step 4 Create User With Certificate

If the mode has been left at the wizard's default or on a mode that includes local user authentication, a user must be created in the user manager.
  • Navigate to System > User Manager
  • Click "+" to add a user
  • Fill in Username
  • Fill in Password / Confirm password
  • Check "Click to create a user certificate".
  • Fill in the Descriptive Name as the username
 Also assign effective privileges to the newly created user (User IPSec Dial-in Auth).

Step 5 Create Firewall Rule for IPSec