Hi there!
I have set up an IKE2 VPN server for road warriors. I have some thoughts, maybe someone can help me with them…
- Let’s Encrypt certificate is great functionality, but it makes me mad to have port 80 open to the whole world. As a best effort I managed a Layer7 regexp to catch the GET /.well-known/acme-challenge/ request and add the source to an address list, but it has some drawbacks. IMHO it would be great if certificate renewal could be scripted: one script before the renewal action starts and another script when it is finished, to open and close port 80. Also it would be great if there were a possibility to pick the time to run the renewal.
- Users - we have been using L2TP/IPsec so far and IKE2 is much faster, but I’m missing some features from L2TP. I need to assign an address list to a user, but I can’t find a way.
Has anyone managed that?
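One way to keep tcp/80 closed except during a short, scheduled renewal window, as an added example (my own RouterOS configuration sketch, not from the original post or from MikroTik). It assumes RouterOS 7.x, that `ether1` is the WAN interface, that `vpn.example.com` is a placeholder hostname, and that re-running `enable-ssl-certificate` requests a fresh certificate on your version (check this before relying on it).

```routeros
# Added example, not from the original post. Assumptions: RouterOS 7.x,
# ether1 = WAN, vpn.example.com = placeholder, re-running
# enable-ssl-certificate requests a new certificate.

# 1. Default posture: port 80 is dropped from the internet. The accept
#    rule exists but stays disabled until the renewal script turns it on.
/ip firewall filter
add chain=input in-interface=ether1 protocol=tcp dst-port=80 \
    action=accept comment="acme-window" disabled=yes
add chain=input in-interface=ether1 protocol=tcp dst-port=80 \
    action=drop comment="acme-drop"

# 2. Script body for /system script add name=acme-renew source=...
#    Opens the window, requests the certificate, and closes the window
#    again even if the request fails, so port 80 never stays exposed.
/ip firewall filter enable [find comment="acme-window"]
:log info "acme window opened"
:do {
    /certificate enable-ssl-certificate dns-name=vpn.example.com
    # short grace period for the validation connection to finish
    :delay 30s
} on-error={
    :log warning "acme renewal failed, closing window"
}
/ip firewall filter disable [find comment="acme-window"]
:log info "acme window closed"

# 3. Pick the renewal time yourself: run the script once a day at 03:00.
/system scheduler
add name=acme-renew start-time=03:00:00 interval=1d \
    on-event="/system script run acme-renew"
```

Check the firewall log after the first scheduled run to confirm the accept rule was disabled again; if the window is left open, the renewal script errored before step 2 completed.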