Re: l2tp / ipsec issue

2014-07-24 Thread Stefan Krueger
In mailing.openbsd.misc, you wrote:
> the public_ip in your ipsec.conf should be the external ip of your router,
> not the openbsd box.
>
> other setup checks can be referred to the following article.
>
> http://undeadly.org/cgi?action=article&sid=20120427125048

Say I'm using PPPoE and my IP address changes every night, do I have
to restart isakmpd + change the $public_ip in /etc/ipsec.conf every
night, too?



Re: l2tp / ipsec issue

2014-08-07 Thread Stefan Krueger
On Fri, 25 Jul 2014, mxb wrote:

>
> Probably, but you can play with ipsec-config and send your results over here.
>
> On 24 jul 2014, at 13:23, Stefan Krueger stadtki...@gmx.de wrote:
>
> > In mailing.openbsd.misc, you wrote:
> > the public_ip in your ipsec.conf should be the external ip of your router,
> > not the openbsd box.
> >
> > other setup checks can be referred to the following article.
> >
> > http://undeadly.org/cgi?action=article&sid=20120427125048
> >
> > Say I'm using PPPoE and my IP address changes every night, do I have
> > to restart isakmpd + change the $public_ip in /etc/ipsec.conf every
> > night, too?

Ok, restarting isakmpd is not necessary, but I have to change my $public_ip
+ ipsecctl -f /path/to/ipsec.conf every night...

Another question, is there a way to have both main auth and aggressive
auth in ipsec.conf? iOS 7.x seems to use main auth, while Android 4.4.x
seems to use aggressive auth.
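The nightly chore Stefan describes (edit the $public_ip macro, then run ipsecctl -f) is easy to automate. The script below is an added example written for this thread, not something posted in it or shipped with OpenBSD. It assumes the PPPoE uplink is pppoe0, that /etc/ipsec.conf begins with a `public_ip = "..."` macro line as in Stefan's later config, and that it is invoked as `script run` from cron or ifstated; the interface name, file paths and function names are all assumptions. It only touches the config when the address really changed, writes through a temp file so the config is never half-written, and parse-checks with `ipsecctl -n -f` before loading so a bad rewrite cannot wipe the working SPD.

```shell
#!/bin/sh
# Added example (not from the thread): refresh the public_ip macro in
# ipsec.conf when the PPPoE address changes, then reload the rules.
# IFACE, CONF and the macro-line convention are assumptions.

IFACE="${IFACE:-pppoe0}"
CONF="${CONF:-/etc/ipsec.conf}"

# Extract the IPv4 address from ifconfig(8) output read on stdin.
# A point-to-point interface prints a line such as:
#   inet 203.0.113.7 --> 198.51.100.1 netmask 0xffffffff
extract_inet() {
    awk '$1 == "inet" { print $2; exit }'
}

# Read the address currently set in the public_ip macro line of file $1.
get_public_ip() {
    awk -F'"' '/^public_ip[[:space:]]*=/ { print $2; exit }' "$1"
}

# Rewrite the public_ip macro line of file $1 to address $2.
# Goes through a temp file + mv so a crash mid-write leaves the old config.
set_public_ip() {
    conf="$1"; ip="$2"
    tmp="$conf.tmp.$$"
    awk -v ip="$ip" '
        /^public_ip[[:space:]]*=/ { print "public_ip = \"" ip "\""; next }
        { print }
    ' "$conf" > "$tmp" && mv "$tmp" "$conf"
}

# Compare the live address with the config; update and reload only on change.
refresh() {
    new=$(ifconfig "$IFACE" | extract_inet)
    if [ -z "$new" ]; then
        echo "no inet address on $IFACE" >&2
        return 1
    fi
    old=$(get_public_ip "$CONF")
    if [ "$new" = "$old" ]; then
        return 0            # nothing to do, keep the loaded rules
    fi
    set_public_ip "$CONF" "$new"
    # -n parses without loading: a syntax error here must not reach the kernel.
    if ! ipsecctl -n -f "$CONF"; then
        echo "$CONF failed to parse after rewrite, not loading" >&2
        return 1
    fi
    ipsecctl -f "$CONF"
}

# Run the real refresh only when asked to, e.g. from cron: script run
case "${1:-}" in
    run) refresh ;;
esac
```

Because the flows are keyed on the old address, a reload after a PPPoE renumber is still a reload: existing L2TP sessions will drop and clients must reconnect, which is exactly what the nightly manual edit already caused.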



Re: L2TP/IPSec via npppd won't work with Android 5.x

2016-02-22 Thread Stefan Krueger
In mailing.openbsd.misc, you wrote:
> Hi, everyone:
>
> [...]
>
> But the android devices I had won't work by all means. I found out that
> Android 5.x
> L2TP/IPSec VPN client works in:
> hash algorithm: hmac-sha2-256
> encrypt method: aes_cbc
> life time: 28800
>
> The ipsec.conf with:
> ``
> ike passive esp tunnel \
>  from "IP_ADDRESS" to any \
>  main auth "hmac-sha2-256" enc "aes" group "modp1024" lifetime 2880\
>  quick group "modp1024" \
>  psk "SECRET_KEY"
> '' didn't make a change (after `ipsecctl -f /etc/ipsec.conf`)

Hi,

the following config worked for me when I was using it (with npppd)
last year (dumped it since I couldn't find a way to use it with iOS
and Android at the same time):

/etc/ipsec.conf
public_ip = "x.y.z.a"

ike passive esp transport \
proto udp from $public_ip to any port l2tp \
aggressive auth "hmac-sha1" enc "aes" group modp1024 \
psk "XXX"

IIRC Android required the use of "aggressive auth", whereas iOS only worked
with the default "main auth"...