I am looking to configure iked(8) on my OpenBSD router to provide
IPsec services to remote clients. I would like to tunnel (nearly) all
my traffic from my phone or laptop back into my home router, and
leverage the services there (DNS, firewall, etc.), then either access
my local network or the rest of the internet. I think I want my
router to be a VPN proxy - is there more accurate/common terminology?
I am having difficulty extracting what is and is not relevant from the
iked.conf(5) man page, since this is new terminology to me. I believe
that the first example is most appropriate for my router
configuration, adapted something like this:
# candidate iked.conf
set mobike
user "test" "password123"
ikev2 esp \
    eap "mschap-v2" \
    config dhcp-server 10.0.0.1
The parts I'm confused on are the from/to and peer/local fields.
Which pair describes the IPs of the tunnel endpoints, and which
describes the traffic allowed to flow through the tunnel? I guess I
don't know whether "IPsec flow" refers to the encapsulating ESP
packets or the encapsulated traffic.
Thanks for any help / cluebats.
--david
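As an added example (not part of the post above, nor taken from the iked.conf(5) man page), here is a road-warrior iked.conf for an OpenBSD gateway whose comments spell out which fields name the outer tunnel endpoints and which name the traffic selectors. The public address 203.0.113.1, the hostname vpn.example.org, the client pool 10.99.0.0/24, the resolver 10.0.0.1 and the user entry are placeholders.

```conf
# Added example: road-warrior (remote-access) iked.conf for an OpenBSD
# router. All addresses, the hostname and the user entry are placeholders.

# MOBIKE lets a client keep its SA when its own address changes
# (e.g. a phone moving from Wi-Fi to cellular).
set mobike

# EAP-MSCHAPv2 user database for client authentication. The gateway
# authenticates itself with the X.509 certificate under /etc/iked whose
# identity matches the srcid below, so clients need that CA installed.
user "test" "password123"

# Field semantics:
#   local / peer  the OUTER addresses: IKE (UDP 500/4500) and the ESP
#                 packets travel between these two hosts. "peer any"
#                 accepts clients connecting from anywhere. Omit "local"
#                 if the router's public address is dynamic; iked then
#                 listens on all addresses.
#   from / to     the traffic selectors, i.e. the "flows": the INNER
#                 traffic allowed into the tunnel once it is up.
#                 0.0.0.0/0 both ways lets a client send all of its
#                 traffic through the router; a client may still
#                 negotiate narrower selectors (split tunnelling).
#   config ...    attributes pushed to the client: an address from the
#                 pool and the DNS server to use inside the tunnel.
#   tag           pf tag applied to the flows, here "roadwarrior-<user>".
ikev2 "roadwarrior" passive esp \
    from 0.0.0.0/0 to 0.0.0.0/0 \
    local 203.0.113.1 peer any \
    srcid vpn.example.org \
    eap "mschap-v2" \
    config address 10.99.0.0/24 \
    config name-server 10.0.0.1 \
    tag "$name-$id"
```

The pool still has to be allowed and NATed in pf.conf (for instance `pass in on enc0 tagged roadwarrior-test` and `match out on egress from 10.99.0.0/24 to any nat-to (egress)`), and net.inet.ip.forwarding=1 must be set for the router to forward client traffic at all.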