tobhe recently committed transport mode support, so here's an example that hopefully provides a good starting point for users wanting to set up encrypted tunnels.
Feedback? OK? Index: iked.conf.5 =================================================================== RCS file: /cvs/src/sbin/iked/iked.conf.5,v retrieving revision 1.63 diff -u -p -r1.63 iked.conf.5 --- iked.conf.5 21 Feb 2020 15:17:34 -0000 1.63 +++ iked.conf.5 21 Feb 2020 22:07:03 -0000 @@ -990,6 +990,23 @@ ikev2 "subnet" esp from 10.0.3.0/24 to 1 ikev2 esp from 10.0.5.0/30 to 10.0.5.4/30 peer 192.168.1.2 ikev2 esp from 10.0.5.8/30 to 10.0.5.12/30 peer 192.168.1.3 .Ed +.Pp +This example encrypts an +.Xr gre 4 +tunnel from the local machine A to peer D using FQDN based public key +authentication. +.Ar transport +mode is used to avoid duplicate encapsulation of GRE, +.Ar dstid +is set explicitly to the peer's FQDN such that its public key is looked up even +if the peer does not send its FQDN as peer ID: +.Bd -literal -offset indent +ikev2 transport \e + proto gre \e + from A.example.com to D.example.com \e + peer D.example.com \e + dstid D.example.com +.Ed .Sh SEE ALSO .Xr enc 4 , .Xr ipsec 4 ,
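Review bot: in the added paragraph, "This example encrypts an .Xr gre 4 tunnel" renders as "an gre(4) tunnel"; it should read "encrypts a" (and "FQDN based" is better hyphenated as "FQDN-based"). Also, `.Ar` is the mdoc macro for command-line arguments, but `transport` and `dstid` here are iked.conf keywords, so `.Ic transport` / `.Ic dstid` would be the conventional markup for them. Finally, the explanation of `dstid` could state the other half of its effect: besides driving the public-key lookup, it fixes which identity (and therefore which key) the local side will accept for the peer, which is the security-relevant reason to set it explicitly rather than rely on whatever ID the peer sends.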
