On 2015-04-23, Yassen Damyanov <[email protected]> wrote: > I am trying to provide a road warrior ipsec vpn solution using isakmpd. > (The router already runs three site-to-site ipsec channels via isakmpd > already.) > > Now able to create the channel using a psk and a static ip on the client > side (no authentication other than the psk). > > Now I would like to auto-configure the clients (ike config pull) and allow > for "Mutual psk + xauth" authentication. Having no any clue on how to do this > ... hours of googling does not yield much useful stuff for me. > > > Would you guys help me sort this out? Any input greatly appreciated. > Yassen > >
OpenBSD isakmpd does not support xauth. There is user authentication available in IKEv2 (iked), but this is a different protocol, and you can't run it alongside isakmpd on the same machine.
