Hello, I was experimenting with setting up a VPN server on AWS using Algo ( https://github.com/trailofbits/algo) that I'd like to connect to using an OpenBSD laptop.
They don't explicitly provide an OpenBSD client configuration but from what I can tell it should be doable with OpenBSD's built in tools. It appears to be IKEv2 so from what I can tell I just need the correct /etc/iked.conf and copy the right keys/certificates into the right places in /etc/iked. This is the StrongSwan config file provided for the client (VPN server's IP address replaced with $REMOTEGW and username replaced with $USER). conn ikev2-$REMOTEGW fragmentation=yes rekey=no dpdaction=clear keyexchange=ikev2 compress=no dpddelay=35s ike=aes128gcm16-prfsha512-ecp256! esp=aes128gcm16-ecp256! right=$REMOTEGW rightid=$REMOTEGW rightsubnet=0.0.0.0/0 rightauth=pubkey leftsourceip=%config leftauth=pubkey leftcert=$USER.crt leftfirewall=yes left=%defaultroute auto=add I tried copying the certifcate produced by algo named $REMOTEGW.crt to /etc/iked/pubkeys/ipv4/$REMOTEGW but when I restart iked with rcctl restart iked I get "iked: set_policy: could not find pubkey for /etc/iked/pubkeys/ipv4/$REMOTEGW" in /var/log/messages. The certificate is in the PEM format, which appears to be what is required, so I'm unsure what problem iked is having. Any insight or help would be appreciated. I'd be happy to provide more information if necessary. Thanks, Alec