Hi, I will try your puffy to puffy. Looks so simple that there are obviously no errors.
Puffy to Android comes next..

Puffy to puffy

# cat /etc/iked.conf
ikev2 "virtualmachine" passive esp from 172.0.16.0/24 to 192.168.10.0/24 \
	local egress peer any psk "secret"

# cat /etc/iked.conf
ikev2 "openbsdgw" active esp from 192.168.10.0/24 to 172.0.16.0/24 \
	local egress peer 10.20.30.10 psk "secret"

----------------------------

OpenBSD 6.X ( IPHONE AND STRONGSWAN )

ikev2 "roadwarrior" passive esp from 0.0.0.0/0 to 10.20.30.0/24 \
	local egress peer any \
	ikesa enc aes-256 auth hmac-sha2-256 group modp2048 \
	childsa enc aes-256 auth hmac-sha2-256 group modp2048 \
	dstid r...@openbsd.org psk "psk_passphrase" config address 10.20.30.32

iPhone = just disable certificates and set psk

Interoperability with StrongSwan

# cat /etc/ipsec.conf
# ipsec.conf - strongSwan IPsec configuration file

# basic configuration

config setup

conn %default
	ikelifetime=60m
	keylife=20m
	rekeymargin=3m
	keyingtries=1
	keyexchange=ikev2
	authby=secret
	ike=aes256-sha256-modp2048!
	esp=aes256-sha256-modp2048!

conn strongswan
	left=%any
	leftfirewall=yes
	leftsourceip=%config
	right=REMOTE_PEER_IP
	rightid=puffymagic.ikedvpn.com
	# networks you want access on other side (behind magic puffer fish)
	rightsubnet=192.168.0.0/24,172.8.50.0/24
	auto=add

# cat /etc/ipsec.secrets
# ipsec.secrets - strongSwan IPsec secrets file
: PSK "strongopeniked"

Hope it helps

You're welcome!

2018-05-29 9:42 GMT-03:00 Jan <jd.arb...@googlemail.com>:

Hi Christophe,

I think I've got it now. I removed the "config" options from the server config and things started working. (For what interface should they be applied at all?)

Since then my home LAN (192.168.1.0/24) stopped working for other devices at home. When this is working again I will post my setup.

I think now everything from 192.168.1.0/24 gets routed through VPN to my notebook and others are not allowed anymore. Maybe putting VPN IPs and local IPs in different address ranges is a good idea...

Jan
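
A check for the address-range overlap raised in the last message, as an added example that is not part of the original thread: it pulls the from/to traffic selectors out of iked.conf policy text and lists the ones that overlap a given LAN prefix. The sample text is abridged from the policies posted above; the function names are hypothetical, and it assumes one subnet on each side of `from ... to ...`.

```python
import ipaddress
import re

# Constructed sample: policies abridged from the configurations in this thread.
SAMPLE_IKED_CONF = r'''
ikev2 "virtualmachine" passive esp from 172.0.16.0/24 to 192.168.10.0/24 \
    local egress peer any psk "secret"
ikev2 "roadwarrior" passive esp from 0.0.0.0/0 to 10.20.30.0/24 \
    local egress peer any psk "psk_passphrase" config address 10.20.30.32
'''

POLICY_RE = re.compile(r'ikev2\s+"([^"]+)"')
FLOW_RE = re.compile(r'\bfrom\s+(\S+)\s+to\s+(\S+)')


def parse_flows(conf_text):
    """Return [(policy_name, src_net, dst_net)] for each from/to pair."""
    # A trailing backslash continues the policy on the next line.
    joined = conf_text.replace("\\\n", " ")
    flows = []
    for line in joined.splitlines():
        line = line.split("#", 1)[0].strip()  # drop trailing comments
        policy = POLICY_RE.match(line)
        if not policy:
            continue
        for src, dst in FLOW_RE.findall(line):
            flows.append((policy.group(1),
                          ipaddress.ip_network(src, strict=False),
                          ipaddress.ip_network(dst, strict=False)))
    return flows


def overlaps_with(conf_text, lan):
    """List (policy, side, selector) for selectors that overlap the LAN prefix."""
    lan_net = ipaddress.ip_network(lan)
    hits = []
    for name, src, dst in parse_flows(conf_text):
        for side, net in (("from", src), ("to", dst)):
            if net.version == lan_net.version and net.overlaps(lan_net):
                hits.append((name, side, str(net)))
    return hits


if __name__ == "__main__":
    # 192.168.1.0/24 is the home LAN mentioned in the thread.
    for name, side, net in overlaps_with(SAMPLE_IKED_CONF, "192.168.1.0/24"):
        print(f'policy "{name}": {side} {net} overlaps 192.168.1.0/24')
```

A selector of 0.0.0.0/0 overlaps every IPv4 LAN, so any policy that uses it is always reported.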