I am looking to configure iked(8) on my OpenBSD router to provide IPsec services to remote clients. I would like to tunnel (nearly) all my traffic from my phone or laptop back into my home router, and leverage the services there (DNS, firewall, etc.), then either access my local network or the rest of the internet. I think I want my router to be a VPN proxy - is there more accurate/common terminology?
I am having difficulty extracting what is and is not relevant from the iked.conf(5) man page, since this is new terminology to me. I believe that the first example is most appropriate for my router configuration, adapted something like this:

    # candidate iked.conf
    set mobike
    user "test" "password123"
    ikev2 esp \
            eap "mschap-v2" \
            config dhcp-server 10.0.0.1

The parts I'm confused on are the from/to and peer/local fields. Which pair describes the IPs of the tunnel endpoints, and which describes the traffic allowed to flow through the tunnel? I guess I don't know whether "IPsec flow" refers to the encapsulating ESP packets or the encapsulated traffic.

Thanks for any help / cluebats.

--david
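The setup asked about above is usually called a road-warrior (remote-access) VPN gateway. The example below is an added illustration, not part of david's post and not copied from the iked.conf(5) example verbatim; the public address 203.0.113.1, the client pool 10.10.10.0/24 and the policy name are placeholders. It shows which pair of keywords does what: `from`/`to` are the traffic selectors, which is what iked.conf means by the IPsec flow, the encapsulated traffic allowed through the tunnel; `peer`/`local` are the IKE and ESP endpoints, the addresses the encapsulating packets travel between.

```conf
# Added example of a road-warrior iked.conf (placeholder addresses).

set mobike
user "test" "password123"

# from/to: the flows, i.e. which inner traffic may use the tunnel.
#          0.0.0.0/0 on both sides lets the client send (nearly) all
#          of its traffic through the router; iked narrows the flow on
#          its side to the address it hands the client.
# peer/local: the outer IKE/ESP endpoints. "peer any" accepts clients
#          from any address; local is the router's public address.
# passive: the router only responds, it never initiates to clients.
ikev2 "roadwarrior" passive esp \
        from 0.0.0.0/0 to 0.0.0.0/0 \
        peer any local 203.0.113.1 \
        eap "mschap-v2" \
        config address 10.10.10.0/24 \
        config name-server 10.10.10.1
```

Two practical notes for the "use my home DNS and firewall, then reach the rest of the internet" goal: `config address` is what actually assigns the client a tunnel address from the pool (`config dhcp-server` only advertises a DHCP server's address to the client), and traffic from the pool still needs `net.inet.ip.forwarding=1` and a pf NAT rule on the router's egress interface (for example `match out on egress from 10.10.10.0/24 to any nat-to (egress)`) before it can leave for the internet.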