Ugh. I'm feeling really stupid. I can't get any VPN set up between my
OpenBSD box and my OS X system, whether IKE or npppd.
First - do I have to run -current, or will 5.7 work for this?
On OpenBSD virtual machine:
em0: 10.211.55.5
---/etc/rc.conf.local---
ipsec=YES
iked_flags="-v"
-------------------
---/etc/hostname.enc0---
net 192.168.192.2 255.255.255.0
-------------------
---/etc/iked.conf---
user "test" "test1"
ikev2 "ios9" passive esp \
from 0.0.0.0/0 to 0.0.0.0/0 \
local any peer any \
childsa enc 3des \
eap "mschap-v2" \
config address 192.168.192.2/24 \
config name-server 192.168.192.2 \
tag "$name-$id"
---------------------
---/etc/pf.conf---
set skip on lo
block return
pass all
----------------
------------------
# ikectl show ca vpn certificates
subject= /CN=belldandy.spidernet.to
SHA1 Fingerprint=3F:1E:D4:D3:2D:F2:BE:E2:CB:73:A0:29:E3:06:21:80:55:F6:E8:6F
notBefore=Oct 3 22:53:46 2015 GMT
notAfter=Oct 2 22:53:46 2016 GMT
subject= /CN=192.168.192.10
SHA1 Fingerprint=63:17:90:8E:B6:27:C0:0D:CD:59:BF:5C:95:25:E1:EF:B5:84:5C:E8
notBefore=Oct 3 22:54:16 2015 GMT
notAfter=Oct 2 22:54:16 2016 GMT
------------------
On the OS X (10.11) side:
vnic0: 10.211.55.2
Server Address: 10.211.55.5
Remote ID: test
Local ID: my username on OS X
Authentication Settings: 192.168.192.10 (the certificate I generated
according to "man ikectl")
What am I missing or doing wrong?