On 25.2.2019. 16:44, Michael Lam wrote:
> Hi,
>
> I have a very straight forward setup use case that I want to use my
> OpenBSD router as a VPN gateway, which will accept IKEv2 road warrior
> connections from the Internet and route all traffics through my
> router.
>
> I am using a ms-chapv2 authentication and a letsencrypt certificate,
> which I can successfully obtain. All my clients are Apple devices
> with latest iOS installed. They normally are connected to the Internet
> directly without going through this router.
>
> Configuration as below:
>
> user “a” "123456"
> user “b” "246810"
> user “c” "135791"
>
> set passive
>
> ikev2 "rw" passive esp \
> from any to 172.20.11.0/24 \
> local any peer any \
> srcid my.fqdn.org \
> eap mschap-v2 \
> config protected-subnet 172.20.10.0/24 \
> config address 172.20.11/0/24 \
^
is this typo?