Re: IPSec OpenBSD road warrior

2015-08-23 Thread bergers89
I did some further experiments and I think that I need gif/gre tunnels
between those two hosts.  But an additional problem is: How do I set up
such a tunnel when I have no static IP on my notebook (even behind a NAT
gateway)?



IPSec OpenBSD road warrior

2015-08-20 Thread Stefan Berger
Hi, 
I am trying to accomplish this:  Connect a laptop (OpenBSD 5.7, road-warrior) 
with IPSec/VPN tunnel to an OpenBSD server.  The laptop is sitting in different 
networks that all do NAT, the server has a static IPv4 address.  The goal is 
to route all the traffic from the laptop to the server, encapsulated as IPSec 
packets.  And then, forward those packages so that communication goes entirely 
over 'server'. 

On both machines, I created a lo1 device with the addresses 10.0.0.1 (server) 
and 10.0.0.2 (laptop).  So the configuration looks like: 

server                        NAT GW/DSL router
ext:1.2.3.4   -- internet --  ext:5.6.7.8               laptop
lo1:10.0.0.1                  int:192.168.0.1    -      int:192.168.0.10
                                                        lo1:10.0.0.2

ipsec.conf on the client:
ike esp from egress to 10.0.0.1 peer 1.2.3.4 psk key

ipsec.conf on the server: 
ike passive esp from 10.0.0.1 to any srcid 'servername' psk key

I can ping 10.0.0.1 (from client and server) and see that encrypted packages 
arrive and the enc0 says that I got icmp requests from 192.168.0.10.  I don't 
know how to set up my default route on the laptop (should be 10.0.0.1) (and 
then, do NATting).  
On lo1, no packages arrive. 

Any help is much appreciated. 

Thanks, 
Berger S.