Untitled
a guest, Apr 25th, 2017

Adjust /etc/ipsec.conf on OpenBSD A (the initiating side; adjust for PSK authentication)

# cat /etc/ipsec.conf

local_ip="172.16.123.1"
local_network="192.168.20.0/24"
remote_ip="172.16.123.2"
remote_network="192.168.40.0/24"

ike esp from $local_network to $remote_network peer $remote_ip
ike esp from $local_ip to $remote_network peer $remote_ip
ike esp from $local_ip to $remote_ip

An ike rule defaults to active, so A starts the negotiation. As written these rules carry no psk option, so isakmpd uses its default of RSA public-key authentication, which expects the peer's public key under /etc/isakmpd/pubkeys/. To authenticate with a pre-shared key instead, append psk "<secret>" to every ike rule and use the identical secret on both gateways.

Adjust /etc/ipsec.conf on OpenBSD B (the passive side; it only answers A's negotiation)

# cat /etc/ipsec.conf

local_ip="172.16.123.2"
local_network="192.168.40.0/24"
remote_ip="172.16.123.1"
remote_network="192.168.20.0/24"

ike passive esp from $local_network to $remote_network peer $remote_ip
ike passive esp from $local_ip to $remote_network peer $remote_ip
ike passive esp from $local_ip to $remote_ip

Note that the second rule on each side is not mirrored on the other: A protects its own address to B's network and B protects its own address to A's network, but neither side lists the flow between its own network and the other gateway's address. For a symmetric policy add ike esp from $local_network to $remote_ip peer $remote_ip on A and the same rule with passive on B.
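
A complete ipsec.conf for side A with the pre-shared key and the IKE proposals spelled out, and with the fourth flow that makes the policy symmetric. This is an added example, not the original paste. The addresses are the ones used above; the PSK string and the cipher choices are assumptions (generate your own key, for instance with openssl rand -base64 32). B uses the same file with local and remote swapped, ike passive on every rule, and the identical psk and proposals.

```conf
# /etc/ipsec.conf on OpenBSD A (added example, not the original paste)
local_ip="172.16.123.1"
local_network="192.168.20.0/24"
remote_ip="172.16.123.2"
remote_network="192.168.40.0/24"

# Phase 1 (main) and phase 2 (quick) proposals are pinned instead of
# relying on isakmpd's defaults; the group in quick mode turns on PFS.
# Cipher choice and the key are assumptions of this example. The peer
# must be configured with the identical proposals and the identical key.

# LAN to LAN
ike esp from $local_network to $remote_network peer $remote_ip \
        main auth hmac-sha2-256 enc aes-256 group modp2048 \
        quick auth hmac-sha2-256 enc aes-256 group modp2048 \
        psk "CHANGE-ME-to-a-long-random-secret"

# this gateway to the remote LAN
ike esp from $local_ip to $remote_network peer $remote_ip \
        main auth hmac-sha2-256 enc aes-256 group modp2048 \
        quick auth hmac-sha2-256 enc aes-256 group modp2048 \
        psk "CHANGE-ME-to-a-long-random-secret"

# local LAN to the remote gateway (not in the original; it mirrors the
# rule above as configured on the other side)
ike esp from $local_network to $remote_ip peer $remote_ip \
        main auth hmac-sha2-256 enc aes-256 group modp2048 \
        quick auth hmac-sha2-256 enc aes-256 group modp2048 \
        psk "CHANGE-ME-to-a-long-random-secret"

# gateway to gateway
ike esp from $local_ip to $remote_ip \
        main auth hmac-sha2-256 enc aes-256 group modp2048 \
        quick auth hmac-sha2-256 enc aes-256 group modp2048 \
        psk "CHANGE-ME-to-a-long-random-secret"
```

Check the syntax with ipsecctl -n -f /etc/ipsec.conf before loading it; after both isakmpd instances are up, ipsecctl -sa shows the negotiated flows and SAs, and a mismatch in proposals or key shows up there as missing SAs.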
  26.  
  27.  
  28.  
Adjust /etc/pf.conf on both OpenBSD gateways. This assumes a pf ruleset with a default block-all policy in which the macros $ext_if, $int_if, $remote_gw and $remote_nets are already defined; $remote_gw and $remote_nets are the other side's remote_ip and remote_network from ipsec.conf.

# Skip only loopback. With "set skip on enc0" pf would not filter enc0 at all
# and the enc0 rules below would never be evaluated.
set skip on lo

# VPN: IKE (UDP 500, and UDP 4500 for NAT-T) and ESP between the two gateways only
pass in log on $ext_if proto esp from $remote_gw to $ext_if
pass out log on $ext_if proto esp from $ext_if to $remote_gw

pass in log on $ext_if proto udp from $remote_gw to $ext_if port {isakmp, ipsec-nat-t}
pass out log on $ext_if proto udp from $ext_if to $remote_gw port {isakmp, ipsec-nat-t}

# Decapsulated traffic. Besides LAN to LAN, the gateway addresses are included
# because ipsec.conf also negotiates gateway-to-LAN and gateway-to-gateway flows,
# which a block-all policy would otherwise drop here. Keep the if-bound state
# option on enc0.
pass in log on enc0 from { $remote_nets, $remote_gw } to { $int_if:network, $ext_if } keep state (if-bound)
pass out log on enc0 from { $int_if:network, $ext_if } to { $remote_nets, $remote_gw } keep state (if-bound)
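
The pf.conf head that the VPN rules rely on, as an added example that is not part of the original paste: the macros the rules reference, filled in for OpenBSD A from the ipsec.conf addresses, the block-all default the text assumes, and the VPN rules themselves. The interface names em0 and em1 and the pass rule on $int_if are assumptions of this example; on B swap the addresses.

```conf
# /etc/pf.conf on OpenBSD A (added example, not the original paste)
ext_if="em0"                         # assumed: interface holding 172.16.123.1
int_if="em1"                         # assumed: interface on 192.168.20.0/24
remote_gw="172.16.123.2"             # remote_ip from ipsec.conf
remote_nets="{ 192.168.40.0/24 }"    # remote_network from ipsec.conf

# Only loopback is skipped; enc0 stays filtered so the enc0 rules apply.
set skip on lo

# Default policy, as the original text assumes.
block log all

# LAN side. Assumption of this example: the original ruleset is expected to
# have its own LAN rules; decrypted traffic to and from the LAN crosses
# $int_if too, so a block-all policy needs a pass rule there.
pass on $int_if

# VPN: IKE and ESP between the two gateways only
pass in  log on $ext_if proto esp from $remote_gw to $ext_if
pass out log on $ext_if proto esp from $ext_if to $remote_gw
pass in  log on $ext_if proto udp from $remote_gw to $ext_if port { isakmp, ipsec-nat-t }
pass out log on $ext_if proto udp from $ext_if to $remote_gw port { isakmp, ipsec-nat-t }

# Decapsulated traffic for all four flow types ipsec.conf can negotiate
# (LAN to LAN, gateway to LAN, LAN to gateway, gateway to gateway).
pass in  log on enc0 from { $remote_nets, $remote_gw } to { $int_if:network, $ext_if } keep state (if-bound)
pass out log on enc0 from { $int_if:network, $ext_if } to { $remote_nets, $remote_gw } keep state (if-bound)
```

Load it with pfctl -nf /etc/pf.conf first to catch syntax errors, then pfctl -f /etc/pf.conf. Because every VPN rule is logged, tcpdump -n -e -ttt -i pflog0 shows which rule passed or blocked a packet while the tunnel is being brought up.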