Re: SSL certpatch utility

2019-04-21 Thread Stuart Henderson
On 2019-04-19, Riccardo Giuntoli  wrote:
> Hello dear OpenBSD folks, how're you guys? I'm fine working a little bit
> with our favorite OS.
>
> I'm following the white rabbit doing a PTP IPsec between an old WindowsXP
> virtual machine to complain QSL operations (
> https://www.qsl.net/dl4yhf/speclab/settings.htm#special_drivers) and a new
> OpenBSD macppc 6.4-stable.
>
> To do this I've done a Samba sharing between the two machines, obviously
> the XP is in an internal VLAN without Internet. I want to protect the
> broadcast domain with an IPSEC implementation and I'm reading this old
> guide:
>
> http://the-eye.eu/public/Books/IT%20Various/winxp-openbsd_ipsec_tunnel-mode_vpn_with_x509v3_certificates.pdf
>
> When it speaks of XP keys and certificate it writes about "certpatch":
>
>  certpatch -t fqdn
>
> I found it here:
>
> https://svn.anytun.org/anytun/tags/anytun-0.2/keyexchange/isakmpd-20041012/apps/certpatch/certpatch.c
>
> But I cannot find it in the new OpenBSD tree or in the NetBSD one.
>
> What is the cutting edge implementation nowadays?
>
> Nice Regards,
>
> RG
>

The simplest method is probably to use "ikectl ca". It is meant for use
with iked rather than isakmpd, but the certificates will have the required
extension and should work OK for this use too.
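
An added example, not part of either message in this thread: a shell check that a host certificate lists the peer's FQDN in its subjectAltName, which is the extension `certpatch -t fqdn` added to certificates. It assumes the "required extension" in the reply is subjectAltName; the host name `xp.example.test` and the file names are constructed sample values, and `make_test_cert` only builds a throwaway input for the check.

```shell
#!/bin/sh
# Added example: verify that a certificate carries an FQDN subjectAltName.
# Host name and file names are constructed sample values.

# make_test_cert DIR FQDN
# Build a throwaway self-signed certificate with a DNS subjectAltName,
# used only as input for the check below.
make_test_cert() {
    dir=$1; fqdn=$2
    cat > "$dir/req.cnf" <<EOF
[req]
distinguished_name = dn
x509_extensions = v3
prompt = no
[dn]
CN = $fqdn
[v3]
subjectAltName = DNS:$fqdn
EOF
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -config "$dir/req.cnf" \
        -keyout "$dir/host.key" -out "$dir/host.crt" 2>/dev/null
}

# cert_has_fqdn_san CERT FQDN
# Exit 0 only if CERT lists exactly DNS:FQDN in its subjectAltName.
# A certificate with no subjectAltName, or an unreadable file, exits 1.
cert_has_fqdn_san() {
    openssl x509 -in "$1" -noout -text 2>/dev/null |
        awk -v want="DNS:$2" '
            /X509v3 Subject Alternative Name/ { san = 1; next }
            san {
                # The line after the header holds the comma-separated names.
                n = split($0, parts, ",")
                for (i = 1; i <= n; i++) {
                    gsub(/^[ \t]+|[ \t]+$/, "", parts[i])
                    if (parts[i] == want) found = 1
                }
                san = 0
            }
            END { exit !found }'
}
```

Run `cert_has_fqdn_san host.crt fqdn` against an exported host certificate before installing it on the peer; a non-zero exit means the FQDN identity is not present in the extension.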




SSL certpatch utility

2019-04-19 Thread Riccardo Giuntoli
Hello dear OpenBSD folks, how're you guys? I'm fine working a little bit
with our favorite OS.

I'm following the white rabbit doing a PTP IPsec between an old WindowsXP
virtual machine to complain QSL operations (
https://www.qsl.net/dl4yhf/speclab/settings.htm#special_drivers) and a new
OpenBSD macppc 6.4-stable.

To do this I've done a Samba sharing between the two machines, obviously
the XP is in an internal VLAN without Internet. I want to protect the
broadcast domain with an IPSEC implementation and I'm reading this old
guide:

http://the-eye.eu/public/Books/IT%20Various/winxp-openbsd_ipsec_tunnel-mode_vpn_with_x509v3_certificates.pdf

When it speaks of XP keys and certificate it writes about "certpatch":

 certpatch -t fqdn

I found it here:

https://svn.anytun.org/anytun/tags/anytun-0.2/keyexchange/isakmpd-20041012/apps/certpatch/certpatch.c

But I cannot find it in the new OpenBSD tree or in the NetBSD one.

What is the cutting edge implementation nowadays?

Nice Regards,

RG

-- 
Name: Riccardo Giuntoli
Email: tag...@gmail.com
Location: Canyelles, BCN, España
PGP Key: 0x67123739
PGP Fingerprint: CE75 16B5 D855 842FAB54 FB5C DDC6 4640 6712 3739
Key server: hkp://wwwkeys.eu.pgp.net