Re: iked(8) OpenBSD road warrior setup anybody?

2016-10-04 Thread Pavel Korovin
Zé, thank you for your answers! I hope my question didn't offend you; as you remember I asked for help and you kindly offered your configs, which I really appreciate, especially since it seems to be quite a rare setup. I asked you because I tried to replicate your config with "egress" keyword;

Re: iked(8) OpenBSD road warrior setup anybody?

2016-10-04 Thread Zé Loff
> On 04/10/2016, at 18:48, Pavel Korovin wrote: > > On 10/04, Zé Loff wrote: >>> On 04/10/2016, at 11:58, Pavel Korovin wrote: >>> On 10/04, Zé Loff wrote: On "the wanderer" iked.conf: ikev2 home active esp \ from egress to

Re: iked(8) OpenBSD road warrior setup anybody?

2016-10-04 Thread Pavel Korovin
On 10/04, Zé Loff wrote:
> > On 04/10/2016, at 11:58, Pavel Korovin wrote:
> >
> >> On 10/04, Zé Loff wrote:
> >> On "the wanderer" iked.conf:
> >>
> >> ikev2 home active esp \
> >>from egress to 192.168.99.0/24 \
> >>local egress peer vpn.example.com \
> >>srcid

Re: iked(8) OpenBSD road warrior setup anybody?

2016-10-04 Thread Zé Loff
> On 04/10/2016, at 11:58, Pavel Korovin wrote:
>
>> On 10/04, Zé Loff wrote:
>> On "the wanderer" iked.conf:
>>
>> ikev2 home active esp \
>>from egress to 192.168.99.0/24 \
>>local egress peer vpn.example.com \
>>srcid dion.example.com dstid vpn.example.com
>>
>>

Re: iked(8) OpenBSD road warrior setup anybody?

2016-10-04 Thread Pavel Korovin
On 10/04, Zé Loff wrote:
> On "the wanderer" iked.conf:
>
> ikev2 home active esp \
> from egress to 192.168.99.0/24 \
> local egress peer vpn.example.com \
> srcid dion.example.com dstid vpn.example.com
>
> On the "wanderer" pf.conf:
>
> match out on enc0 from any to

Re: iked(8) OpenBSD road warrior setup anybody?

2016-10-04 Thread Pavel Korovin
Zé, thank you for your detailed reply! I put some comments in your message below.

On 10/04, Zé Loff wrote:
> If you mean OpenBSD "at the office" and OpenBSD on a roaming laptop,
> this works for me (tm):
>
> "At the office" iked.conf:
>
> ikev2 dion passive esp \
> from 192.168.99.0/24

Re: iked(8) OpenBSD road warrior setup anybody?

2016-10-04 Thread Consus
On 09:47 Tue 04 Oct, Pavel Korovin wrote:
> Discussed with Michael off-the-list and found that he has different
> setup where iked(8) is not involved.
>
> Just in case, my question is about OpenBSD native iked(8) setup for
> remote access VPN gateway to serve OpenBSD native iked(8) client.
> If

Re: iked(8) OpenBSD road warrior setup anybody?

2016-10-04 Thread Zé Loff
If you mean OpenBSD "at the office" and OpenBSD on a roaming laptop, this works for me (tm):

"At the office" iked.conf:

ikev2 dion passive esp \
    from 192.168.99.0/24 to 192.168.100.3 \
    local 192.168.99.1 peer any \
    srcid vpn.example.com dstid dion.example.com

On "the

Re: iked(8) OpenBSD road warrior setup anybody?

2016-10-04 Thread Pavel Korovin
Discussed with Michael off-the-list and found that he has different setup where iked(8) is not involved. Just in case, my question is about OpenBSD native iked(8) setup for remote access VPN gateway to serve OpenBSD native iked(8) client. If anybody has such setup and/or willing to discuss the

Re: iked(8) OpenBSD road warrior setup anybody?

2016-10-03 Thread Michael Hekeler
> Does anybody use iked(8) for remote access (aka Road Warrior setup)
> from OpenBSD clients?

Yes. I do.

> There's a lot of info on setting it up for
> Windows/Android/iOS clients, but I didn't find anything about
> OpenBSD clients setup.

The Client Setup is the same for all platforms (AFAIK)

iked(8) OpenBSD road warrior setup anybody?

2016-10-03 Thread Pavel Korovin
Dear all,

Does anybody use iked(8) for remote access (aka Road Warrior setup) from OpenBSD clients? There's a lot of info on setting it up for Windows/Android/iOS clients, but I didn't find anything about OpenBSD clients setup. I have such setup but with recent changes to iked my VPN connection