Hi misc@,

I have been (loosely) following the guide at http://puffysecurity.com/wiki/openikedoffshore.html and have run into a roadblock.

I have packets going between my two hosts on different networks, the configuration files on both are good, and both have the CA installed. However, on my remote host, I get (IPs and hostnames redacted):

    Nov 5 01:38:14 hostname iked[7047]: ikev2_msg_send: IKE_SA_INIT request from $local_wan:500 to $remote.168:500 msgid 0, 534 bytes
    Nov 5 01:38:14 hostname iked[7047]: ikev2_recv: IKE_SA_INIT response from responder $remote8:500 to $local:500 policy 'policy1' id 0, 471 bytes
    Nov 5 01:38:14 hostname iked[12679]: ca_getreq: no valid local certificate found

This is coupled with, as I create the CA key...

    # ikectl ca vpn1 create
    CA passphrase:
    Retype CA passphrase:
    [stuff-happens-and-inputs]
    Getting Private key
    Using configuration from /etc/ssl/openssl.cnf
    variable lookup failed for ca::default_ca
    24387713617796:error:0E06D06C:configuration file routines:NCONF_get_string:no value:/usr/src/lib/libcrypto/crypto/../../libssl/src/crypto/conf/conf_lib.c:323:group=ca name=default_ca

I've checked the mail logs for misc@ and found a person in August with this problem: http://marc.info/?l=openbsd-misc&m=133675466519976&w=2

Unfortunately, editing /etc/ssl/x509v3.cnf didn't work for me. Variable lookup still failed.

Thank you for any help.

