Hi guys!
First of all, thanks for such a nice OS!
It's my first post, I'm from Venezuela.
I'm trying to set up a VPN connection between two machines, one running
StrongSwan on Linux, and the other OpenBSD 5.8. OpenBSD is set to start
the VPN connection.
This is the setup:
OpenBSD    |------->| LINUX/StrongSwan 5
10.0.1.240 |        | 10.0.1.220  NET/INTER: 192.168.100.0/29
I'm seeing the connection established, but I can't ping a machine
behind the Linux network.
My ipsec.conf
ike esp from 10.0.1.240/32 to 192.168.100.0/29 peer 10.0.1.220 \
        main auth hmac-sha1 enc 3des group modp1024 \
        quick auth hmac-sha1 enc 3des group modp1024 \
        psk "zRmzouKsYEBMYrKMX16bkwazXV21cV8zFIA6LHzt"
My pf.conf
set skip on lo
block return # block stateless traffic
pass # establish keep-state
# By default, do not permit remote connections to X11
block return in on ! lo0 proto tcp to port 6000:6010
pass on enc0
Output from "ipsecctl -s all"
FLOWS:
flow esp in from 192.168.100.0/29 to 10.0.1.240 peer 10.0.1.220 srcid
    10.0.1.240/32 dstid 10.0.1.220/32 type use
flow esp out from 10.0.1.240 to 192.168.100.0/29 peer 10.0.1.220 srcid
    10.0.1.240/32 dstid 10.0.1.220/32 type require
SAD:
esp tunnel from 10.0.1.220 to 10.0.1.240 spi 0x99442db4 auth hmac-sha1
    enc 3des-cbc
esp tunnel from 10.0.1.240 to 10.0.1.220 spi 0xc15117e3 auth hmac-sha1
    enc 3des-cbc
My ipsec.conf (Linux side, just in case)
conn openbsd-test
        left=10.0.1.220
        leftsubnet=192.168.100.0/29
        leftid=10.0.1.220
        leftfirewall=yes
        right=10.0.1.240
        rightid=10.0.1.240
        ike=3des-sha-modp1024!
        esp=3des-sha-modp1024!
        auto=add
Am I doing something wrong? Or is there anything I missed?
Any help would be really appreciated.
Victor Medina.