Thank you for your suggestion,

I already have connections to peers using isakmpd, and I am afraid to bring 
those connections down to switch over to ipsec.

On 07/11/2015 05:02 PM, carlos albino garcia grijalba wrote:
> Use ipsec.conf; the new configuration is simple. I have connections 
> from Cisco peers and the only problem was using
> wrong credentials.
>
> > Date: Fri, 10 Jul 2015 12:59:56 -0700
> > From: motty.c...@gmail.com
> > To: misc@openbsd.org; motty.c...@gmail.com
> > Subject: OpenBSD 5.5 won't initiate VPN (Ipsec site-to-site)connection to Cisco device
> >
> > Hello,
> >
> > I have a gateway machine running OpenBSD 5.5 that won't initiate a connection
> > to the peer. The one way to establish the VPN tunnel is if the peer pings an IP in my
> > subnet.
> > in pf.conf
> > IpsecClients="{ 173.16.2.20/32, 139.19.10.51/32 }"
> > IpsecHosts="{ 192.16.38.24/27 }"
> >
> > # IPSec VPN tunnel
> > pass in on $OUTSIDE inet proto udp from $IpsecClients to $IpsecHosts port 500
> > pass in on $OUTSIDE inet proto esp from $IpsecClients to $IpsecHosts
> >
> >
> > isakmpd.conf
> > phase 1
> > 139.19.10.51= ISAKMP-peer-CORP1
> > phase 2
> > connections = IPsec-CORP1-DataCenter1
> >
> > #Phase 1 peers
> > ## CORP1
> > [ISAKMP-peer-CORP1]
> > Phase= 1
> > Transport= udp
> > Address= 139.19.10.51
> > Configuration= Default-main-mode3
> > Authentication= psecret
> >
> > # phase 2
> > [IPsec-CORP1-DataCenter1]
> > Phase= 2
> > ISAKMP-peer= ISAKMP-peer-CORP1
> > Configuration= Default-quick-mode3
> > Local-ID= Net-datacenter1
> > Remote-ID= Net-corp1
> >
> > [IPsec-CORP1-DataCenter2]
> > Phase= 2
> > ISAKMP-peer= ISAKMP-peer-CORP1
> > Configuration= Default-quick-mode3
> > Local-ID= Net-datacenter2
> > Remote-ID= Net-corp2
> >
> > any ideas?
