Sunday, April 28, 2024

VPN with iked(8)

Hello,

I'm planning to set up a VPN on my router with iked(8).
The first goal is to have my MacBook and iPhone connected, both to route the traffic through my router at home, and to get access to the services running on a machine behind the router.

I've read the VPN section in the FAQ, and I understand how it works, but all the different methods for such a setup are confusing me.

In my case, I guess X.509 is the way to go regarding authentication.
The FAQ tells how to create the necessary stuff, so that's ok.
But what kind of domain to use for the file names?
Both clients have a hostname within my internal .lan domain.
Can I use that, or should I create CNAMEs in one of my public domains, pointing to the VPN server's hostname?

Is there something in the config example I need to change?

Can the created client X.509 bundle be used directly on iPhone and Mac?

Regarding PF:
Now I have a general match rule for NAT, which NATs traffic from all NICs.
Is it enough to do NAT for the VPN traffic, or do I need to implement a separate rule for that purpose?

Regards, Martin
