Re: OpenBSD as an IKEv2 IPsec client with L/P authent

2018-02-23 Thread csszep
Hi! So the OpenBSD kernel catches udp encapsulated ESP packets by default: netstat -s esp: 4288 input ESP packets 0 output ESP packets 0 packets from unsupported protocol families 0 packets shorter than header shows 0 packets dropped due to policy

Re: OpenBSD as an IKEv2 IPsec client with L/P authent

2018-02-23 Thread csszep
Hi! I tried to compile strongswan with "kernel-libipsec" plugin for the same reason https://wiki.strongswan.org/projects/strongswan/wiki/Kernel-libipsec The *kernel-libipsec* plugin provides an IPsec backend that works entirely in userland, using TUN devices. My experience is that there is

Re: OpenBSD as an IKEv2 IPsec client with L/P authent

2018-02-22 Thread Martijn van Duren
On 02/22/18 09:51, Joel Carnat wrote: Hi, On 22/02/2018 09:35, Stuart Henderson wrote: On 2018-02-22, Igor V. Gubenko wrote: I am far from an expert; having issues myself at the moment, but maybe if we get all of the iked experimenters together, we can figure it out :)

Re: OpenBSD as an IKEv2 IPsec client with L/P authent

2018-02-22 Thread Stuart Henderson
On 2018/02/22 09:51, Joel Carnat wrote: > Hi, > > On 22/02/2018 09:35, Stuart Henderson wrote: > > On 2018-02-22, Igor V. Gubenko wrote: > > > I am far from an expert; having issues myself at the moment, but maybe > > > if we get all of the iked experimenters together, we

Re: OpenBSD as an IKEv2 IPsec client with L/P authent

2018-02-22 Thread Joel Carnat
Hi, On 22/02/2018 09:35, Stuart Henderson wrote: On 2018-02-22, Igor V. Gubenko wrote: I am far from an expert; having issues myself at the moment, but maybe if we get all of the iked experimenters together, we can figure it out :) This definitely isn't going to work,

Re: OpenBSD as an IKEv2 IPsec client with L/P authent

2018-02-22 Thread Stuart Henderson
On 2018-02-22, Igor V. Gubenko wrote: > I am far from an expert; having issues myself at the moment, but maybe > if we get all of the iked experimenters together, we can figure it out >:) This definitely isn't going to work, iked only supports username/password authentication

Re: OpenBSD as an IKEv2 IPsec client with L/P authent

2018-02-21 Thread Igor V. Gubenko
I am far from an expert; having issues myself at the moment, but maybe if we get all of the iked experimenters together, we can figure it out :) First, try "-dvv" ... an extra "v" might give more info. Next, from the existing trace it looks like your endpoint responds, which is good, but your

OpenBSD as an IKEv2 IPsec client with L/P authent

2018-02-15 Thread Joel Carnat
Hi, My FTTH home-box provides IKEv2 server support. I connected my iPhone, via 3G, to it. I can now access my internal home-LAN. So I know it works. I want to do the same with an OpenBSD server hosted in "the Cloud" ; in transport mode as far as I understood the docs. I've struggled with