Thank you for your suggestion. I already have connections to peers using isakmpd, and I am afraid to bring those connections down to switch over to ipsec.
On 07/11/2015 05:02 PM, carlos albino garcia grijalba wrote:
> Use ipsec.conf; the new configuration is simple. I have connections
> from Cisco peers and the only problem was using
> wrong credentials.
>
>
> > Date: Fri, 10 Jul 2015 12:59:56 -0700
> > From: motty.c...@gmail.com
> > To: misc@openbsd.org; motty.c...@gmail.com
> > Subject: OpenBSD 5.5 won't initiate VPN (Ipsec site-to-site) connection to Cisco device
> >
> > Hello,
> >
> > I have a gateway machine running OpenBSD 5.5 that won't initiate the connection
> > to the peer. The only way to establish the VPN tunnel is if the peer pings an IP in my
> > subnet.
> >
> > In pf.conf:
> >
> > IpsecClients="{ 173.16.2.20/32, 139.19.10.51/32 }"
> > IpsecHosts="{ 192.16.38.24/27 }"
> >
> > # IPSec VPN tunnel
> > pass in on $OUTSIDE inet proto udp from $IpsecClients to $IpsecHosts port 500
> > pass in on $OUTSIDE inet proto esp from $IpsecClients to $IpsecHosts
> >
> >
> > isakmpd.conf:
> >
> > [Phase 1]
> > 139.19.10.51= ISAKMP-peer-CORP1
> >
> > [Phase 2]
> > Connections= IPsec-CORP1-DataCenter1
> >
> > # Phase 1 peers
> > ## CORP1
> > [ISAKMP-peer-CORP1]
> > Phase= 1
> > Transport= udp
> > Address= 139.19.10.51
> > Configuration= Default-main-mode3
> > Authentication= psecret
> >
> > # phase 2
> > [IPsec-CORP1-DataCenter1]
> > Phase= 2
> > ISAKMP-peer= ISAKMP-peer-CORP1
> > Configuration= Default-quick-mode3
> > Local-ID= Net-datacenter1
> > Remote-ID= Net-corp1
> >
> > [IPsec-CORP1-DataCenter2]
> > Phase= 2
> > ISAKMP-peer= ISAKMP-peer-CORP1
> > Configuration= Default-quick-mode3
> > Local-ID= Net-datacenter2
> > Remote-ID= Net-corp2
> >
> > Any ideas?
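Two things decide whether isakmpd brings a tunnel up by itself: a phase-2 connection is only initiated at startup if it is named under [Phase 2] Connections= (Passive-connections= are accepted but never started), and every ISAKMP-peer, Configuration, Local-ID and Remote-ID tag has to name a section that actually exists. In the excerpt quoted above only IPsec-CORP1-DataCenter1 is listed under Connections, so that is the kind of thing worth checking mechanically before touching a production config. The following linter is an added example written for this thread; it is not the poster's code and not part of OpenBSD. It assumes section and tag names compare case-insensitively (as isakmpd's config parser does) and runs over a constructed sample modelled on the quoted file, with a placeholder PSK and the DataCenter2 ID sections deliberately left out.

```python
import re

# Constructed sample modelled on the quoted isakmpd.conf: same section names
# and peer address, ID/mode sections filled in for DataCenter1 only, and a
# placeholder pre-shared key. It is not the poster's real file.
SAMPLE_CONF = """\
[Phase 1]
139.19.10.51= ISAKMP-peer-CORP1
[Phase 2]
Connections= IPsec-CORP1-DataCenter1
[ISAKMP-peer-CORP1]
Phase= 1
Address= 139.19.10.51
Configuration= Default-main-mode3
Authentication= placeholder-psk
[IPsec-CORP1-DataCenter1]
Phase= 2
ISAKMP-peer= ISAKMP-peer-CORP1
Configuration= Default-quick-mode3
Local-ID= Net-datacenter1
Remote-ID= Net-corp1
[IPsec-CORP1-DataCenter2]
Phase= 2
ISAKMP-peer= ISAKMP-peer-CORP1
Configuration= Default-quick-mode3
Local-ID= Net-datacenter2
Remote-ID= Net-corp2
[Net-datacenter1]
ID-type= IPV4_ADDR_SUBNET
Network= 192.16.38.0
[Net-corp1]
ID-type= IPV4_ADDR_SUBNET
Network= 173.16.2.20
[Default-main-mode3]
EXCHANGE_TYPE= ID_PROT
[Default-quick-mode3]
EXCHANGE_TYPE= QUICK_MODE
"""

# Tags whose value must name another section of the file.
REF_TAGS = ('ISAKMP-peer', 'Configuration', 'Local-ID', 'Remote-ID')


def parse_isakmpd_conf(text):
    """Return {section: {tag: value}}. '#' lines are comments, '[name]'
    opens a section, 'tag= value' assigns inside the current section."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith('#'):
            continue
        m = re.fullmatch(r'\[(.+)\]', line)
        if m:
            current = m.group(1).strip()
            sections.setdefault(current, {})
        elif '=' in line and current is not None:
            tag, value = line.split('=', 1)
            sections[current][tag.strip()] = value.strip()
    return sections


def _get(mapping, key):
    """Case-insensitive lookup of a section or tag name (assumption: isakmpd
    compares names this way)."""
    for k, v in mapping.items():
        if k.lower() == key.lower():
            return v
    return None


def _names(value):
    return [v.strip() for v in (value or '').split(',') if v.strip()]


def initiated_connections(sections):
    """Connections isakmpd starts on its own: [Phase 2] Connections= only."""
    return _names(_get(_get(sections, 'Phase 2') or {}, 'Connections'))


def lint(sections):
    """Return (kind, section, detail) tuples: dangling references and
    phase-2 sections that no Connections/Passive-connections list names."""
    issues, known = [], {n.lower() for n in sections}

    def ref(owner, tag, target):
        if target.lower() not in known:
            issues.append(('missing-section', owner, f'{tag} -> {target}'))

    for addr, peer in (_get(sections, 'Phase 1') or {}).items():
        ref('Phase 1', addr, peer)
    phase2 = _get(sections, 'Phase 2') or {}
    active = initiated_connections(sections)
    passive = _names(_get(phase2, 'Passive-connections'))
    for n in active:
        ref('Phase 2', 'Connections', n)
    for n in passive:
        ref('Phase 2', 'Passive-connections', n)
    startable = {n.lower() for n in active + passive}
    for name, tags in sections.items():
        for tag in REF_TAGS:
            target = _get(tags, tag)
            if target:
                ref(name, tag, target)
        if _get(tags, 'Phase') == '2' and name.lower() not in startable:
            issues.append(('not-initiated', name,
                           'not in [Phase 2] Connections or Passive-connections'))
    return issues


if __name__ == '__main__':
    conf = parse_isakmpd_conf(SAMPLE_CONF)
    print('initiated at startup:', initiated_connections(conf))
    for issue in lint(conf):
        print(*issue)
```

Run it against a copy of the real file (`python3 lint.py < /etc/isakmpd/isakmpd.conf` after swapping SAMPLE_CONF for `sys.stdin.read()`) and anything reported as not-initiated is a tunnel that will only come up when the remote side sends the first packet, which is exactly the symptom described above; a missing-section finding means isakmpd will refuse or silently skip that connection. The pf rules are a separate question: they only allow inbound IKE and ESP, which is fine for the responder role, but the initiator also needs matching pass out rules to the peer.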