> On Mar 7, 2015, at 10:39 PM, Josh Grosse <j...@jggimi.homeip.net> wrote:
>
>> On Sat, Mar 07, 2015 at 08:29:43PM -0500, Joshua Smith wrote:
>> Hello misc@,
>>
>> I am working on setting up site to site ipsec VPN between a few locations
>> all with openbsd 5.6 stable "gateways" at them using iked. Since I've never
>> done any of this before I am starting with a basic host to host setup using
>> pre shared keys in my lab. I am running into an issue where the flows are
>> only getting created on one end of the setup. Here are the details:
>>
>> HOST 1:
>> ip address 172.16.204.139
>> iked.conf: ikev2 "test" active esp from 172.16.204.139 to 172.16.204.140 psk
>> "test"
>>
>> HOST 2:
>> ip address 172.16.204.139
>> iked.conf: ikev2 "test" esp from 172.15.204.140 to 172.16.204.139 psk "test"
>
> Hi there. Don't use PSKs with iked(8) and 5.6. Use certs, or use -current.
>
> http://marc.info/?l=openbsd-misc&m=141562487120440&w=2

Hi Josh,

Thanks for pointing this out to me. Seems my search-too wasn't strong enough to dig that out. I'll give it another go with RSA in the morning. That might be the best way to go for my small setup instead of deploying a CA anyhow. Guess that just gives me another option to weigh.

--
Joshua Smith
Montani Semper Liberi
Sent from my iPhone