Changes

OpenBSD VPN gateway using IPSec/IKEv2

453 bytes added, 15:32, 10 May 2019
Configure iked
== Configure iked ==
 
=== Create VPN CA ===
 
ikectl ca VPN create
ikectl ca VPN install
ikectl ca VPN certificate swtch.mgk.ro create server
ikectl ca VPN certificate swtch.mgk.ro install
ikectl ca VPN certificate emerald.local create client
ikectl ca VPN certificate emerald.local install
ikectl ca VPN certificate emerald.local export
 
Move emerald.local.tgz to client machine.
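Review bot: the `ikectl ca VPN certificate emerald.local install` line runs on the gateway right after the same step for swtch.mgk.ro, yet emerald.local is created as the client certificate; confirm that installing the client's key material on the gateway is intended, or keep only the create and export steps for it. "Move emerald.local.tgz to client machine" should also say how: the exported archive carries the client's private key along with its certificate and the CA certificate, so name a protected channel such as scp and say whether the copy left on the gateway is removed afterwards.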
 
=== iked.conf ===
So far we are using pre shared keys.
Use:
ikev2 "vpn" passive ipcomp esp \ from 0.0.0.0/0 to 0.0.0.0/0 \ from ::0/0 to ::0/0 \ local egress peer any \ psk "XXXXX" ikesa enc aes-256 prf hmac-sha2-256 auth hmac-sha2-256 group modp2048 \ childsa enc aes-256 auth hmac-sha2-256 group modp2048 \ srcid swtch.mgk.ro \ config address 172.24.24.0/24 \ config address 2001:470:8c78203a:a0::/64 \ config name-server 172.24.24.1 \ config name-server 2001:470:8c78203a:a0::1 \ tag "vpn$name-$id" tap enc0
Enable the service:
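Review bot: in the `ikev2 "vpn"` policy, `psk "XXXXX"` sits directly before `ikesa` with no line continuation between them, and the sentence "So far we are using pre shared keys." still introduces the block even though the same change creates a CA with server and client certificates. State which authentication the policy uses now: if the certificates replace the pre-shared key, drop the `psk` token and that sentence; if the key stays, place it after `srcid`, where iked.conf expects the authentication option. Separately, `2001:470:8c78203a:a0::/64` and `2001:470:8c78203a:a0::1` contain an eight-digit group, which is not a valid IPv6 address, so a colon is probably missing in both.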