I'm trying to create a VPN between my home network (sitting behind
an OpenBSD router), and a remote server (also an OpenBSD machine).
After reading many man pages and searching previous posts, I'm still
thoroughly confused.  What I have so far:

(1) On the remote server:

  - fixed IP, let's call it x.y.z.t

  - pf.conf:

        set skip on { lo, enc }
        pass  in quick on egress inet proto udp to any port { isakmp, ipsec-nat-t }

  - iked.conf:

        ikev2 "sb1" passive esp \
                from 10.0.0.102 to 10.0.0.1 \
                local x.y.z.t peer any \
                srcid x.y.z.t

(2) On the home router:

  - the internal network is 192.168.7.0/24, the external IP is dynamic

  - pf.conf:

        set skip on { lo, enc }
        pass  in quick on egress inet proto udp to any port { isakmp, ipsec-nat-t }
        match out on enc inet to 10.0.0.102 nat-to 10.0.0.1
        match out on egress inet from !(egress:network) nat-to (egress:0)

  - iked.conf:

        ikev2 "home" active esp \
                from 10.0.0.1 (192.168.7.0/24) to 10.0.0.102 \
                local egress peer x.y.z.t \
                srcid 10.0.0.1

    Anyone, a clue stick please?

    Regards,

    Liviu Daia
