On 2023-04-08 04:33, Stuart Henderson wrote:
> On 2023-04-07, misc@phosphorus.com.br <misc@phosphorus.com.br> wrote:
>> ikev2 "vpn" passive esp \
>> from dynamic to 185.21.22.23/32 \
>
> that should definitely be "from ... to dynamic", though that's not the
> problem you're running into yet.
>
> (that /32 you have will only set up a tunnel to the machine itself,
> if you want all traffic to go via vpn then use 0.0.0.0/0).
>
>> If anyone has a working setup for iphone via 4G (dynamic) connecting to
>> a VPS (fixed IP) is much appreciated.
>
> maybe try with user/password auth and get that working first before
> moving on to client certificates? something like this:
>
> ---
> user <username> "<password>"
>
> ikev2 "ikevpn" passive esp from 0.0.0.0/0 to dynamic \
> local <server-ip-address> peer any \
> srcid "<server-name>" \
> eap "mschap-v2" \
> config address 172.28.15.128/25 \
> config name-server 172.28.15.2 \
> tag "$name-$id"
> ---
Good point, will try it simple first. What should be used for localid
and remoteid on the phone client?
Also, is there a need to generate a certificate matching the server's
name?