Apologies for my formatting. To clarify:
laptop = 10.12.62.99
ipcop = 10.12.62.1
Tom K wrote:
I'm a complete beginner with OpenBSD, and I've just installed 3.8 on
my laptop principally to learn the OpenBSD way of doing IPsec i.e.
isakmpd and ipsecctl. My goal is to create a tunnel between OpenBSD
and my existing Openswan system (IPCop 1.4.10) using x509 certs. I
have a reasonably good understanding of Openswan, so basically I'm
trying to understand the specifics of isakmpd/ipsecctl, rather than
the underlying concepts.
Here's where I am so far:
ipsecctl has just been introduced in 3.8 to simplify ipsec operations.
It obsoletes isakmpd.conf. I can run isakmpd with no conf file, and
ipsecctl with the following ipsec.conf file:
ike esp from 10.12.62.99 to 0.0.0.0/0 peer 10.12.62.1
             |                        |
             laptop                   ipcop
and I get some familiar-looking responses in Openswan's logs - so far
so good. No tunnel, but that's OK for the moment.
What I'm not clear on is where I define the certs, if isakmpd.conf is
no longer in use. There's no mention of them in man ipsecctl. Maybe I
still need something like this in isakmpd.conf:
# Certificates stored in PEM format
[X509-certificates]
CA-directory= /etc/isakmpd/ca/
Cert-directory= /etc/isakmpd/certs/
Private-key= /etc/isakmpd/private/openbsd1.as10.net.priv
Am I on the right track? I would really appreciate any suggestions.
Thanks
Tom K.
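As an added example (not part of the thread, and not isakmpd's or ipsecctl's own code), the script below parses the two fragments quoted in the post: the one-line `ike` rule from ipsec.conf and the `[X509-certificates]` section of isakmpd.conf. It then runs the sanity checks a reviewer would want before bringing the tunnel up: that every flow endpoint and the peer parse as addresses, that the peer and the local address do not themselves fall inside the remote `to` network (with `0.0.0.0/0` they do, which is worth confirming is intended), and that the file named by `Private-key` is not readable by group or others. Only the subset of the ipsec.conf grammar the post uses is recognised; the checks are this example's own assumptions about what is worth flagging, not a statement of how isakmpd treats the configuration.

```python
"""Parse and sanity-check the ipsec.conf rule and isakmpd.conf X509 section
quoted in the post.  Added example; the checks are assumptions of this
script, not isakmpd behaviour."""
import configparser
import ipaddress
import os
import re
import stat
import tempfile

# Constructed sample input: the rule shown in the post.
SAMPLE_IPSEC_CONF = "ike esp from 10.12.62.99 to 0.0.0.0/0 peer 10.12.62.1\n"

# Constructed sample input: the isakmpd.conf fragment shown in the post.
SAMPLE_ISAKMPD_CONF = """\
# Certificates stored in PEM format
[X509-certificates]
CA-directory= /etc/isakmpd/ca/
Cert-directory= /etc/isakmpd/certs/
Private-key= /etc/isakmpd/private/openbsd1.as10.net.priv
"""

# Only the rule shape used in the post: ike <esp|ah> from <src> to <dst> peer <peer>
IKE_RULE = re.compile(
    r"^ike\s+(?P<proto>esp|ah)\s+from\s+(?P<src>\S+)\s+to\s+(?P<dst>\S+)"
    r"\s+peer\s+(?P<peer>\S+)$"
)


def parse_ike_rules(text):
    """Return one dict per `ike` rule; blank lines and # comments are skipped."""
    rules = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        m = IKE_RULE.match(line)
        if m is None:
            raise ValueError("line %d: unsupported rule: %r" % (lineno, line))
        rules.append({
            "proto": m.group("proto"),
            # strict=False lets a bare host address stand for a /32 flow endpoint
            "src": ipaddress.ip_network(m.group("src"), strict=False),
            "dst": ipaddress.ip_network(m.group("dst"), strict=False),
            "peer": ipaddress.ip_address(m.group("peer")),
        })
    return rules


def check_rule(rule):
    """Return warning strings for one parsed rule (empty list means nothing flagged)."""
    warnings = []
    if rule["peer"] in rule["dst"]:
        warnings.append("peer %s lies inside the 'to' network %s; confirm the IKE "
                        "exchange with the peer itself is not meant to be caught by "
                        "the flow" % (rule["peer"], rule["dst"]))
    if rule["src"].subnet_of(rule["dst"]):
        warnings.append("local 'from' %s lies inside the 'to' network %s"
                        % (rule["src"], rule["dst"]))
    return warnings


def parse_x509_section(text):
    """Return the three paths from an isakmpd.conf [X509-certificates] section."""
    cp = configparser.ConfigParser()
    cp.optionxform = str          # keep the mixed-case key names as written
    cp.read_string(text)
    sect = cp["X509-certificates"]
    return {
        "ca_dir": sect["CA-directory"],
        "cert_dir": sect["Cert-directory"],
        "private_key": sect["Private-key"],
    }


def private_key_warnings(path):
    """Flag a private key file that group or others can read."""
    mode = os.stat(path).st_mode
    if mode & (stat.S_IRWXG | stat.S_IRWXO):
        return ["%s is accessible to group/others (mode %o); expected 0600"
                % (path, stat.S_IMODE(mode))]
    return []


def demo_key_permission_check():
    """Create a throwaway key file, check it at 0644 and again at 0600.

    Returns (warnings_at_0644, warnings_at_0600) as counts: expected (1, 0)."""
    fd, path = tempfile.mkstemp(suffix=".priv")   # stands in for Private-key
    os.close(fd)
    try:
        os.chmod(path, 0o644)
        loose = len(private_key_warnings(path))
        os.chmod(path, 0o600)
        tight = len(private_key_warnings(path))
    finally:
        os.unlink(path)
    return loose, tight


if __name__ == "__main__":
    for r in parse_ike_rules(SAMPLE_IPSEC_CONF):
        print(r["proto"], r["src"], "->", r["dst"], "peer", r["peer"])
        for w in check_rule(r):
            print("  warning:", w)
    print(parse_x509_section(SAMPLE_ISAKMPD_CONF))
    print("key permission check (0644, 0600):", demo_key_permission_check())
```

Run it as-is to see both flow warnings fire for the rule in the post; point `private_key_warnings()` at the real `Private-key` path on the laptop to check the installed key's mode.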