Hi there,

Since my attempt with IKEv2 failed, I thought I'd go back to IKEv1, but it seems that something has changed with that too since the last time I used it.

I am simply trying to set up a site-to-site tunnel with a PSK.

Here is the ipsec.conf on the OpenBSD machine:

ike from {10.10.10.0/24} to 10.10.15.0/24 \
  main auth hmac-sha1 enc blowfish group modp1024\
  quick auth hmac-sha1 enc blowfish group modp1024\
  psk "my_psk"

And here is the pf.conf:

### define networks ##########
tun_in="10.10.15.0/24"
tun_end="{10.10.10.0/24}"

# simple ipsec
pass in proto { esp ah } to ($ext_if)
pass in on $ext_if proto udp from any to port {500 4500} keep state

pass in on enc0 proto ipencap
pass in on enc0 from {$tun_in} to $tun_end

pass out proto {esp ah}
pass out on enc0 from $tun_end to {$tun_in}

This works at least for an OpenBSD 5.6 and a Shrew Soft client (this is basically my other endpoint).

With this setup I'm not able to connect to an OpenBSD 6.1, and the logs don't show anything helpful.

So the question is: where do I need to do the rewriting, and is there some example besides the ipsec.conf in /etc/examples?

Regards

--
Markus Rosjat    fon: +49 351 8107223    mail: ros...@ghweb.de

G+H Webservice GbR Gorzolla, Herrmann
Königsbrücker Str. 70, 01099 Dresden

http://www.ghweb.de
fon: +49 351 8107220   fax: +49 351 8107227
