inline
On 2023-04-08 04:33, Stuart Henderson wrote:
> On 2023-04-07, m...@phosphorus.com.br <m...@phosphorus.com.br> wrote:
>> ikev2 "vpn" passive esp \
>> from dynamic to 185.21.22.23/32 \
>
> that should definitely be "from ... to dynamic", though that's not the
> problem you're running into yet.
>
> (that /32 you have will only set up a tunnel to the machine itself,
> if you want all traffic to go via vpn then use 0.0.0.0/0).
>
>> If anyone has a working setup for iphone via 4G (dynamic) connecting to
>> a VPS (fixed IP) is much appreciated.
>
> maybe try with user/password auth and get that working first before
> moving on to client certificates? something like this:
>
> ---
> user <username> "<password>"
> ikev2 "ikevpn" passive esp from 0.0.0.0/0 to dynamic \
> local <server-ip-address> peer any \
> srcid "<server-name>" \
> eap "mschap-v2" \
> config address 172.28.15.128/25 \
> config name-server 172.28.15.2 \
> tag "$name-$id"
> ---

Good point, will try it simple first. What should be used for localid
and remoteid on the phone client?
Also, is there a need to generate a certificate matching the server's
name?