On 2018-05-29, Jan Lambertz <jd.arbeit@googlemail.com> wrote:
> Hello everyone,
>
> I've been trying for two days now to set up an IKEv2 Roadwarrior VPN.
> The log files show that something is not working correctly during
> connection establishment.
> I changed configs in every way I can think of without success. Why is
> it not working?
> Here is the setup.
>
> PF is permissive
>
> Home(internet:178.x.x.x, NAT, lan 192.168.1.0/24) --
> internet --
> Smartphone(internet:89.x.x.x, NAT, WLanAP 192.168.43.0/24) --
> Notebook(OpenBSD6.3, 192.168.43.253)
>
> Home config
> ikev2 "VPN HOME" passive esp \
> from 192.168.1.1 to 192.168.43.253 \
> local 178.x.x.x peer any \
> srcid 178.x.x.x \
> psk "key" \
> config address 192.168.1.100/8 \
> config netmask 255.255.255.0 \
> config name-server 192.168.1.1
>
> Notebook config
> ikev2 "VPN HOME" active esp \
> from 192.168.43.253 to 192.168.1.1 peer 178.x.x.x \
> psk "key" \
> tag "VPN" tap enc0

iked as a client won't do the "config address" parts, ...

> sa_stateok: VALID flags 0x0038, require 0x0038 auth,authvalid,sa
> sa_state: AUTH_SUCCESS -> VALID
> sa_stateok: VALID flags 0x0038, require 0x0038 auth,authvalid,sa
> ikev2_cp_setaddr: pool configured, but IKEV2_CP_REQUEST missing
> ikev2_resp_recv: failed to send auth response
> sa_state: VALID -> CLOSED from 89.x.x.x:15384 to 178.x.x.x:4500 policy
> 'VPN HOME'

... and it looks like the server is complaining about this.

If you explain what you want (notebook access to only the gateway?
notebook access to whole LAN? notebook access to internet over VPN?)
you can probably get some sample configs from someone who has already
done this.