Adjust /etc/ipsec.conf on side OpenBSD A (adjust for PSK auth: append psk "secret" to each ike line, with the same secret on both sides; without a psk keyword isakmpd uses its default RSA key authentication with the keys under /etc/isakmpd/)
# cat /etc/ipsec.conf
local_ip="172.16.123.1"
local_network="192.168.20.0/24"
remote_ip="172.16.123.2"
remote_network="192.168.40.0/24"
# LAN to LAN
ike esp from $local_network to $remote_network peer $remote_ip
# this gateway to the remote LAN
ike esp from $local_ip to $remote_network peer $remote_ip
# gateway to gateway
ike esp from $local_ip to $remote_ip
Adjust /etc/ipsec.conf on side OpenBSD B (passive: B only answers, A initiates; every flow here must be the reverse of the matching flow on A, otherwise quick mode finds no matching flow and that SA never comes up)
# cat /etc/ipsec.conf
local_ip="172.16.123.2"
local_network="192.168.40.0/24"
remote_ip="172.16.123.1"
remote_network="192.168.20.0/24"
# LAN to LAN (reverse of A's first flow)
ike passive esp from $local_network to $remote_network peer $remote_ip
# local LAN to A's gateway (reverse of A's "$local_ip to $remote_network" flow; a copied "from $local_ip to $remote_network" here has no counterpart on A)
ike passive esp from $local_network to $remote_ip peer $remote_ip
# gateway to gateway
ike passive esp from $local_ip to $remote_ip
Adjust /etc/pf.conf on both OpenBSD hosts (I assume a PF policy of block all; $ext_if, $int_if, $remote_gw and $remote_nets must be defined above these rules, with $remote_gw the peer gateway's address, 172.16.123.2 on A and 172.16.123.1 on B, and $remote_nets the peer's LAN). Note that the two enc0 rules only cover the LAN-to-LAN flow; traffic the gateway itself sources or receives over the tunnel needs its addresses added to those rules.
set skip on lo
# enc0 is deliberately not skipped: the two rules on enc0 below filter the decapsulated VPN traffic, and "set skip on enc0" would turn them into dead rules
# VPN
pass in log on $ext_if proto esp from $remote_gw to $ext_if
pass out log on $ext_if proto esp from $ext_if to $remote_gw
pass in log on $ext_if proto udp from $remote_gw to $ext_if port { isakmp, ipsec-nat-t }
pass out log on $ext_if proto udp from $ext_if to $remote_gw port { isakmp, ipsec-nat-t }
pass in log on enc0 from $remote_nets to $int_if:network keep state (if-bound)
pass out log on enc0 from $int_if:network to $remote_nets keep state (if-bound)
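The point that bites most often with a two-sided ipsec.conf is that the responder's flows must be the reverse of the initiator's, not a copy. The script below is an added example (not the paste author's code): it builds both gateways' ipsec.conf from the addresses used above, expands the macros, and checks that every flow on one side has its reversed twin on the other. The side B variant that copies A's gateway-to-LAN flow is included so the check can be seen flagging it. The PSK value is a placeholder, and the function and macro names are this example's own.

```sh
#!/bin/sh
# Added example, not part of the original paste: build both sides' ipsec.conf
# from one set of parameters and check that every isakmpd flow on one gateway
# has its reversed twin on the other, which quick mode needs before the SA is
# negotiated. Addresses are the ones on the page; the PSK is a placeholder.

PSK=${PSK:-"CHANGE-ME"}   # placeholder; use one long random secret on both sides

# macros LOCAL_IP LOCAL_NET REMOTE_IP REMOTE_NET: the ipsec.conf macro header
macros() {
    printf 'local_ip="%s"\nlocal_network="%s"\n' "$1" "$2"
    printf 'remote_ip="%s"\nremote_network="%s"\n' "$3" "$4"
}

# ike_line MODE SRC DST: one ike rule; SRC and DST are macro references
ike_line() {
    printf 'ike %sesp from %s to %s peer $remote_ip psk "%s"\n' "$1" "$2" "$3" "$PSK"
}

# Side A initiates (isakmpd's default mode is active).
side_a_conf() {
    macros 172.16.123.1 192.168.20.0/24 172.16.123.2 192.168.40.0/24
    ike_line "" '$local_network' '$remote_network'   # LAN to LAN
    ike_line "" '$local_ip'      '$remote_network'   # this gateway to remote LAN
    ike_line "" '$local_ip'      '$remote_ip'        # gateway to gateway
}

# Side B as posted on the page: the middle flow was copied, not reversed.
side_b_as_posted() {
    macros 172.16.123.2 192.168.40.0/24 172.16.123.1 192.168.20.0/24
    ike_line "passive " '$local_network' '$remote_network'
    ike_line "passive " '$local_ip'      '$remote_network'
    ike_line "passive " '$local_ip'      '$remote_ip'
}

# Side B with every flow reversed relative to side A.
side_b_fixed() {
    macros 172.16.123.2 192.168.40.0/24 172.16.123.1 192.168.20.0/24
    ike_line "passive " '$local_network' '$remote_network'
    ike_line "passive " '$local_network' '$remote_ip'     # twin of A's gateway-to-LAN flow
    ike_line "passive " '$local_ip'      '$remote_ip'
}

# flows: read an ipsec.conf on stdin, expand $macros, print "SRC DST" per ike line
flows() {
    awk '
    function resolve(w) { return (w ~ /^\$/) ? m[substr(w, 2)] : w }
    /^[A-Za-z_]+="[^"]*"$/ {
        n = index($0, "="); k = substr($0, 1, n - 1); v = substr($0, n + 1)
        gsub(/"/, "", v); m[k] = v; next
    }
    /^ike / {
        src = ""; dst = ""
        for (i = 1; i < NF; i++) {
            if ($i == "from") src = resolve($(i + 1))
            if ($i == "to")   dst = resolve($(i + 1))
        }
        print src, dst
    }'
}

# unmirrored CONF_X CONF_Y: print each flow of X that has no reversed twin in Y
unmirrored() {
    "$1" | flows | while read -r s d; do
        "$2" | flows | grep -qxF "$d $s" || echo "$s -> $d"
    done
}

# mirror_check CONF_A CONF_B: succeed only when both sides mirror each other completely
mirror_check() {
    a2b=$(unmirrored "$1" "$2"); b2a=$(unmirrored "$2" "$1")
    [ -n "$a2b" ] && printf 'side B has no mirror for: %s\n' "$a2b"
    [ -n "$b2a" ] && printf 'side A has no mirror for: %s\n' "$b2a"
    [ -z "$a2b" ] && [ -z "$b2a" ]
}

if mirror_check side_a_conf side_b_as_posted; then
    echo "posted config: all flows mirrored"
else
    echo "posted config: mismatch, A's gateway-to-LAN flow would never match on B"
fi
if mirror_check side_a_conf side_b_fixed; then
    echo "fixed config: all flows mirrored"
fi
```

On the real gateways, write each side's output to /etc/ipsec.conf and syntax-check it with `ipsecctl -n -f /etc/ipsec.conf` before loading; after isakmpd negotiates, `ipsecctl -sa` shows the flows and SAs actually installed, which is the authoritative confirmation that the mirrored pairs matched.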