Hello Tobias,
thanks a lot, that solved the question for me (at least on the server :) ).
Using ASN1 ids iked detects the matching policy. However, it then uses RFC7427
for auth (SIG), but the Windows 10 clients use RSA_SIG. This causes a mismatch
and the connection can't be established. (Yet,
Hi Alexander,
the log tells us that both times the handshake ends in the successful
establishment of an IKE SA. Like you reported both match the policy 'clientA'
instead of A and B:
> Jul 15 11:06:45 server iked[12701]: sa_state: VALID -> ESTABLISHED from
> 5.6.7.8:4500 to 1.2.3.4:4500 policy
Hello Tobias,
thank you very much for your reply.
Below is the output of ipsecctl -s all
and the verbose output of iked
#
When the first client connects:
(1.2.3.4 is the servers public IP, 5.6.7.8 is the public IP of the DSL modem)
FLOWS:
flow esp in from
Hi Alexander,
On Fri, Jul 12, 2019 at 02:03:08PM +, Alexander Mischke wrote:
> I can connect fine using a single client, however using more than one client
> breaks the connection for clientA while clientB is able to connect. I've been
> testing this with two clients behind the SAME DSL
Hello,
I am currently setting up an Internet facing OpenBSD IPsec (IKEv2) gateway
(with a public IP - no NAT).
The box is running OpenBSD 6.4.
This is supposed to be a roadwarrior setup with multiple Windows 10 Clients.
Authentication is done via client certificates (= Machine Certificates
5 matches
Mail list logo
