You need a server-signed certificate.
Sent from ProtonMail Mobile
On Wed, Jun 28, 2017 at 11:18 AM, Liviu Daia <liviu.d...@gmail.com> wrote:
> I'm trying to create a VPN between my home network (sitting behind an OpenBSD
> router), and a remote server (also an OpenBSD machine). After reading many
> man pages and searching previous posts, I'm still thoroughly confused. What I
> have so far: (1) On the remote server: - fixed IP, let's call it x.y.z.t -
> pf.conf: set skip on { lo, enc } pass in quick on egress inet proto udp to
> any port { isakmp, ipsec-nat-t } - iked.conf: ikev2 "sb1" passive esp from
> 10.0.0.102 to 10.0.0.1 local x.y.z.t peer any srcid x.y.z.t (2) On the home
> router: - the internal network is 192.168.7.0/24, the external IP is dynamic
> - pf.conf: set skip on { lo, enc } pass in quick on egress inet proto udp to
> any port { isakmp, ipsec-nat-t } match out on enc inet to 10.0.0.102 nat-to
> 10.0.0.1 match out on egress inet from !(egress:network) nat-to (egress:0) -
> iked.conf: ikev2 "home" active esp from 10.0.0.1 (192.168.7.0/24) to
> 10.0.0.102 local egress peer x.y.z.t srcid 10.0.0.1 Anyone, a clue stick
> please? Regards, Liviu Daia
