Re: ikev2 and a win7 road warrior host

2012-05-22 Thread Pavel Shvagirev
Have a look at the discussion between me and Mike Belopuhov that took place not so long ago here... We have covered most of the troubles that you might have met following the man pages.

22.05.2012 10:14, Wesley wrote: Hi, I'm trying to have this

Re: ikev2 and a win7 road warrior host

2012-05-22 Thread Wesley
I already read your posts ;-) and also man pages (ikectl, iked.conf and iked). But now it is for a road warrior configuration. I don't understand these parts: Parts that I don't understand, if someone can help me on: - For server, I need a certificate server for vpn.X.net? or aa.bb.cc.dd?

Re: ikev2 and a win7 road warrior host

2012-05-22 Thread Wesley
Certificates are now accepted. iked -dvv gives me:

...
ikev2_dispatch_cert: AUTH type 1 len 256
sa_stateflags: 0x08 - 0x0c auth,sa (required 0x0f cert,valid,auth,sa)
ikev2_dispatch_cert: peer certificate is valid
sa_stateflags: 0x0c - 0x0e valid,auth,sa (required 0x0f cert,valid,auth,sa)

Re: ikev2 and a win7 road warrior host

2012-05-22 Thread Pavel Shvagirev
Working iked.conf that runs without a problem:

ikev2 win7 quick passive esp inet proto udp \
	from $local_net to $client_net local local.endpoint.net peer remote.endpoint.net \
	srcid local.endpoint.IP.address \
	dstid remote endpoint's certificate distinguished name \

Re: ikev2 and a win7 road warrior host

2012-05-22 Thread Pavel Shvagirev
22.05.2012 17:23, Pavel Shvagirev wrote: peer.endpoint.net - is an initiator side (win7 machine). Win7's cert must be issued to that IP.

I mean remote.endpoint.net here.

Two more notes: 1. Win7 connection should be set up to the openbsd's IP address, not the FQDN. (the first tab in the

Re: ikev2 and a win7 road warrior host

2012-05-22 Thread Wesley MOUEDINE ASSABY
First, thank you very much for your time and reply. I appreciate it. Therefore win7 is a road warrior host, so dynamic address. So the iked.conf becomes:

ikev2 win7 passive esp \
	from 192.168.0.0/24 to 10.10.10.0/24 local aa.bb.cc.dd peer any \
	srcid aa.bb.cc.dd \
	config address 10.10.10.7

Re: ikev2 and a win7 road warrior host

2012-05-22 Thread Wesley MOUEDINE ASSABY
It works!!! ;-) Just doing below.

-- Wesley

On 22 May 2012 at 19:29, Wesley MOUEDINE ASSABY wrote: First, thank you very much for your time and reply. I appreciate it. Therefore win7 is a road warrior host, so dynamic address. So the iked.conf becomes: ikev2 win7 passive esp \ from