Thanks for your guide.
But my trouble is:
1. ISP LAN - I get IP by dhclient (ip + default route + dns)
2. I have global ip, but this is not working. In ifconfig I can't see my
global ip.(((
How to set up /etc/ipsec.conf with dhclient with global IP???
04.10.2014 18:54, Zhi-Qiang Lei wrote:
On Oct 4, 2014, at 5:51 PM, mishve...@rambler.ru wrote:
I have OpenBSD 5.4 amd64. I installed npppd and configured IPsec (l2tp +
password).
LAN 192.168.1.1/255.255.255.0
WAN (ISP NET; Connect by MAC address) 10.0.0.1/255.0.0.0
ISP GAVE ME GLOBAL IP SERVER1-Openbsd - 1.2.3.4
WIN 2003 SERVER2 IP - 9.8.7.6
WIN 2003 SERVER3 IP - 192.168.1.100
When server boot
# cat /etc/hostname.em0
inet 192.168.1.1 255.255.255.0
# ifconfig em0
em0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
priority: 0
media: Ethernet autoselect (100baseTX full-duplex,rxpause,txpause)
status: active
inet 192.168.1.1 netmask 0xff00 broadcast 192.168.1.255
# cat /etc/hostname.re0
dhcp
# ifconfig re0
re0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
priority: 0
groups: egress
media: Ethernet autoselect (100baseTX full-duplex,rxpause,txpause)
status: active
inet 10.200.81.220 netmask 0xf000 broadcast 10.200.95.255
# route show
Routing tables
Internet:
Destination Gateway Flags Refs Use Mtu Prio Iface
default 10.200.80.1 UGS 6 1439 - 8 re0
10.200.80/20 link#2 UC 1 0 - 4 re0
10.200.80.1 28:6e:d4:6e:0a:e1 UHLc 1 0 - 4 re0
10.200.81.220 localhost UGS 0 0 33144 8 lo0
loopback localhost UGRS 0 0 33144 8 lo0
localhost localhost UH 2 35 33144 4 lo0
192.168.1/24 link#1 UC 2 0 - 4 em0
192.168.1.67 00:1a:13:18:b3:7c UHLc 0 0 - 4 em0
192.168.1.255 link#1 UHLc 3 43 - 4 em0
BASE-ADDRESS.MCAST localhost URS 0 0 33144 8 lo0
# cat /etc/resolv.conf
# Generated by re0 dhclient
search smilenet.ru
nameserver 10.0.1.24
nameserver 10.0.1.13
From LAN I connect win server 192.168.1.100 to 192.168.1.1.
From internet I can't connect win server 9.8.7.6 to 1.2.3.4
# cat /etc/ipsec.conf
ike passive esp transport proto udp from 192.168.1.1 to 192.168.1.100 port 1701 main auth hmac-sha1 enc 3des group modp2048 quick auth hmac-sha1 enc 3des psk pass
ike passive esp transport proto udp from 10.200.81.220 to 9.8.7.6 port 1701 main auth hmac-sha1 enc 3des group modp2048 quick auth hmac-sha1 enc 3des psk pass
ike passive esp transport proto udp from 1.2.3.4 to 9.8.7.6 port 1701 main auth hmac-sha1 enc 3des group modp2048 quick auth hmac-sha1 enc 3des psk pass
# tail /var/log/daemon
isakmpd: message_recv: invalid message id
isakmpd: dropped message from 9.8.7.6 port 500 due to notification type INVALID_MESSAGE_ID
Please help me connect server2 9.8.7.6 to 1.2.3.4
L2TP over IPsec on OpenBSD 5.5 is very easy for me, you may read my guide.
http://siegfried.github.io/unix/openbsd/vpn/ipsec/l2tp/2014/09/29/l2tp-over-ipsec-vpn-on-openbsd-5-5/