Tuesday, May 29, 2018

IKEDv2 OpenBSD Roadwarrior

Hi,

I will try your puffy to puffy. Looks so simple that there are obviously no errors 😊.

Puffy to Android comes next...



Puffy to puffy


# cat /etc/iked.conf

ikev2 "virtualmachine" passive esp from 172.0.16.0/24 to 192.168.10.0/24 \
local egress peer any psk "secret"


# cat /etc/iked.conf

ikev2 "openbsdgw" active esp from 192.168.10.0/24 to 172.0.16.0/24 \
local egress peer 10.20.30.10 psk "secret"
----------------------------




OpenBSD 6.X (iPhone and strongSwan)

ikev2 "roadwarrior"  passive esp from 0.0.0.0/0 to 10.20.30.0/24 \
 local egress peer any  \
 ikesa enc aes-256 auth hmac-sha2-256 group modp2048 \
 childsa enc aes-256 auth hmac-sha2-256 group modp2048 \
 dstid road@openbsd.org psk "psk_passphrase" config address 10.20.30.32



iPhone = just disable certificates and set the PSK


Interoperability with StrongSwan


# cat /etc/ipsec.conf

# ipsec.conf - strongSwan IPsec configuration file
# basic configuration

config setup

conn %default
ikelifetime=60m
keylife=20m
rekeymargin=3m
keyingtries=1
keyexchange=ikev2
authby=secret
ike=aes256-sha256-modp2048!
esp=aes256-sha256-modp2048!

conn strongswan
left=%any
leftfirewall=yes
leftsourceip=%config
right=REMOTE_PEER_IP
rightid=puffymagic.ikedvpn.com
# networks you want to reach on the other side (behind the magic puffer fish)
rightsubnet=192.168.0.0/24,172.8.50.0/24
auto=add


# cat /etc/ipsec.secrets

# ipsec.secrets – strongSwan IPsec secrets file
: PSK "strongopeniked"


Hope it helps.
You're welcome!
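The classic reason the iked and strongSwan sides above refuse to talk is a proposal mismatch between iked's ikesa/childsa lines and strongSwan's ike=/esp= lines. The following is an added example, not part of the original mail or of either project: it parses both notations into one form and lists any differing algorithm. The SWAN_TO_IKED mapping is an assumption limited to the algorithms used on this page, and strongSwan's sha256 is read as iked's auth hmac-sha2-256 (iked derives the PRF from it).

```python
# Added example (not from the mail or the projects): compare an iked(8)
# ikesa/childsa proposal with a strongSwan ike=/esp= proposal.

# strongSwan token -> iked keyword/value. ASSUMPTION: only the algorithms
# that appear in the configs on this page; extend as needed.
SWAN_TO_IKED = {
    "aes128": ("enc", "aes-128"),
    "aes256": ("enc", "aes-256"),
    "sha1": ("auth", "hmac-sha1"),
    "sha256": ("auth", "hmac-sha2-256"),
    "sha512": ("auth", "hmac-sha2-512"),
    "modp1024": ("group", "modp1024"),
    "modp2048": ("group", "modp2048"),
}


def parse_iked(proposal):
    """Parse 'ikesa enc aes-256 auth hmac-sha2-256 group modp2048' into a dict."""
    tokens = proposal.replace("\\", " ").split()
    if tokens and tokens[0] in ("ikesa", "childsa"):
        tokens = tokens[1:]
    if len(tokens) % 2:
        raise ValueError("iked proposal must be keyword/value pairs: %r" % proposal)
    return dict(zip(tokens[0::2], tokens[1::2]))


def parse_strongswan(proposal):
    """Parse 'ike=aes256-sha256-modp2048!' (one proposal; '!' = strict) into a dict."""
    value = proposal.split("=", 1)[-1].strip().rstrip("!")
    result = {}
    for tok in value.split("-"):
        if tok not in SWAN_TO_IKED:
            raise ValueError("unknown strongSwan algorithm token: %r" % tok)
        key, val = SWAN_TO_IKED[tok]
        result[key] = val
    return result


def mismatches(iked_line, swan_line):
    """Return [(keyword, iked_value, strongswan_value)] for every differing entry."""
    a, b = parse_iked(iked_line), parse_strongswan(swan_line)
    return [(k, a.get(k), b.get(k))
            for k in sorted(set(a) | set(b)) if a.get(k) != b.get(k)]


if __name__ == "__main__":
    # The two sides from this page: expect no mismatches.
    print(mismatches("ikesa enc aes-256 auth hmac-sha2-256 group modp2048",
                     "ike=aes256-sha256-modp2048!"))
    # A deliberately weaker strongSwan peer: expect auth and group to differ.
    print(mismatches("childsa enc aes-256 auth hmac-sha2-256 group modp2048",
                     "esp=aes256-sha1-modp1024!"))
```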


2018-05-29 9:42 GMT-03:00 Jan <jd.arbeit@googlemail.com>:
Hi Christophe,

I think I've got it now. I removed the "config" options from the server config and things started working.
(For what interface should they be applied at all?)
Since then my home LAN (192.168.1.0/24) stopped working for other devices at home. When this is working again I will post my setup.
I think now everything from 192.168.1.0/24 gets routed through the VPN to my notebook and others are not allowed anymore. Maybe putting VPN IPs and local IPs in different address ranges is a good idea...

Jan
