Re: IPSec OpenBSD road warrior

2015-08-23 Thread bergers89
I did some further experiments and I think that I need gif/gre tunnels
between those two hosts.  But an additional problem is: How do I set up
such a tunnel when I have no static IP on my notebook (even behind a NAT
gateway)?

IPSec OpenBSD road warrior

2015-08-20 Thread Stefan Berger
I am trying to accomplish this:  Connect a laptop (OpenBSD 5.7, road-warrior)
with IPSec/VPN tunnel to an OpenBSD server.  The laptop is sitting in different
networks that all do NAT, the server has a static IPv4 address.  The goal is
to route all the traffic from the laptop to the server, encapsulated as IPSec
packets.  And then, forward those packets so that communication goes entirely
over 'server'.

On both machines, I created a lo1 device with the addresses (server) 
and (laptop).  So the configuration looks like: 

server NAT GW/DSL router
ext:   -- internet --  ext:  laptop
lo1:  int: -  int:

ipsec.conf on the client:
ike esp from egress to peer psk key

ipsec.conf on the server: 
ike passive esp from to any srcid 'servername' psk key

I can ping (from client and server) and see that encrypted packets
and the enc0 says that I got ICMP requests from  I don't know how to
set up my default route on the laptop (should be (and then, do
On lo1, there do not arrive any packets.

Any help is much appreciated. 

Berger S.