Hello,
I have a gateway machine running OpenBSD 5.5 that won't initiate a
connection to the peer. The only way to establish the VPN tunnel is if
the peer pings an IP in my subnet.
In pf.conf:
IpsecClients="{ 173.16.2.20/32, 139.19.10.51/32 }"
IpsecHosts="{ 192.16.38.24/27 }"
# IPSec VPN tunnel
pass in on $OUTSIDE inet proto udp from $IpsecClients to $IpsecHosts port 500
pass in on $OUTSIDE inet proto esp from $IpsecClients to $IpsecHosts
isakmpd.conf:
phase 1
139.19.10.51= ISAKMP-peer-CORP1
phase 2
connections = IPsec-CORP1-DataCenter1
#Phase 1 peers
## CORP1
[ISAKMP-peer-CORP1]
Phase= 1
Transport= udp
Address= 139.19.10.51
Configuration= Default-main-mode3
Authentication= psecret
# phase 2
[IPsec-CORP1-DataCenter1]
Phase= 2
ISAKMP-peer= ISAKMP-peer-CORP1
Configuration= Default-quick-mode3
Local-ID= Net-datacenter1
Remote-ID= Net-corp1
[IPsec-CORP1-DataCenter2]
Phase= 2
ISAKMP-peer= ISAKMP-peer-CORP1
Configuration= Default-quick-mode3
Local-ID= Net-datacenter2
Remote-ID= Net-corp2
Any ideas?