Hello all, I am trying a - what I think is - simple IPsec setup. The point is to IPsec-encrypt all traffic between a pair of firewalls (gateA and gateB, both OBSD 4.0), in order to send pfsync traffic over the encrypted link. Although I have read through the ipsec, ipsec.conf, isakmpd and friends' manpages, I keep getting stuck on the same point. Obviously I'm missing something important.
gateA:/etc/ipsec.conf:
    ike esp from 10.111.1.1 to 10.111.1.2

gateB:/etc/ipsec.conf:
    ike esp from 10.111.1.2 to 10.111.1.1

Private and public key created by rc on initial boot in /etc/isakmpd/private on both machines. Copied gateA's /etc/isakmpd/private/local.pub to gateB:/etc/isakmpd/pubkeys/ipv4/10.111.1.1 and gateB's /etc/isakmpd/private/local.pub to gateA:/etc/isakmpd/pubkeys/ipv4/10.111.1.2

/etc/rc.conf.local:
    ipsec=YES
    isakmpd_flags="-K -f /var/run/isakmpd.fifo"

I thought that with this, automatic keying would set up a tunnel between 10.111.1.1 and 10.111.1.2 on system start. But nothing of the kind happens; not even a single IKE packet is exchanged between the two hosts. Consequently, when pinging from 10.111.1.1 to 10.111.1.2 or vice versa, the packets go over the wire in the clear. I'm sorry, but I just can't see what I'm missing. Would anybody have a pointer for a lost soul?

thx /markus
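Added example, not from the original post: a small sh preflight script for the layout described above (an "ike esp from A to B" rule with isakmpd public-key authentication). It checks that the local key pair and the peer's public key, which isakmpd looks up by the peer's address, are where the post says they were put, and points at the ipsecctl commands that show whether flows and SAs actually came up. The ROOT argument (so the checks can run against a constructed tree) and the local.key file name are assumptions.

```shell
#!/bin/sh
# Preflight check for an OpenBSD "ike esp from A to B" rule with isakmpd
# public-key authentication. ROOT is normally "/"; a different ROOT lets the
# checks run against a constructed directory tree (assumption, for testing).

# Print the address after "to" (the peer) in an ipsec.conf rule.
peer_of_rule() {
    printf '%s\n' "$1" | awk '{ for (i = 1; i < NF; i++) if ($i == "to") print $(i + 1) }'
}

# Print the address after "from" (the local side) in an ipsec.conf rule.
local_of_rule() {
    printf '%s\n' "$1" | awk '{ for (i = 1; i < NF; i++) if ($i == "from") print $(i + 1) }'
}

# Where isakmpd looks for the peer's public key: the file is named after the
# peer's IP address, which is also isakmpd's default IKE identity.
pubkey_path() {
    printf '%s/etc/isakmpd/pubkeys/ipv4/%s\n' "$1" "$2"
}

# 0 if the peer's public key file is present and non-empty, 1 if it is
# missing or empty, 2 if the rule has no "to" address at all.
check_peer_key() {
    peer=$(peer_of_rule "$2")
    [ -n "$peer" ] || return 2
    [ -s "$(pubkey_path "$1" "$peer")" ]
}

# 0 if this host's own key pair (local.key / local.pub, assumed names) exists.
check_local_key() {
    [ -s "$1/etc/isakmpd/private/local.key" ] && [ -s "$1/etc/isakmpd/private/local.pub" ]
}

# Run all checks, report each one, and return 0 only if everything passed.
preflight() {
    root=$1; rule=$2; rc=0
    check_local_key "$root" && echo "ok: local key pair present" || { echo "MISSING: local.key/local.pub"; rc=1; }
    check_peer_key "$root" "$rule" && echo "ok: peer key $(pubkey_path "$root" "$(peer_of_rule "$rule")")" \
        || { echo "MISSING: peer public key for $(peer_of_rule "$rule")"; rc=1; }
    echo "next: 'ipsecctl -n -f /etc/ipsec.conf' (parse only), then 'ipsecctl -s flow' and 'ipsecctl -s sa'"
    return $rc
}

# Usage on a gateway: sh preflight.sh check "ike esp from 10.111.1.1 to 10.111.1.2"
case "${1:-}" in check) preflight / "$2" ;; esac
```

If `ipsecctl -s flow` shows no flows after boot, isakmpd never received the rule, which is a separate problem from the key layout this script checks.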

