Hi. Please tell me how to connect from an OpenBSD 7.2 Release client
to an OpenBSD 7.2 Release server via iked.
I'm trying to set it up with this documentation,
https://www.openbsd.org/faq/faq17.html#clientikev2
but it just doesn't work.

I have a VDS machine (server) with OpenBSD,
with one external IP address A.B.C.D,
which I want to connect to from my laptop.

I copied the file /etc/iked/local.pub from the VDS to the laptop as
/etc/iked/pubkeys/fqdn/bsd.server.vds, and the laptop's file
/etc/iked/local.pub to the VDS as /etc/iked/pubkeys/fqdn/amihailov.laptop.

VDS machine settings:

cat /etc/iked.conf
ikev2 'responder_rsa' passive esp \
        from any to dynamic \
        local any peer any \
        srcid bsd.server.vds \
        config address 172.24.24.0/24 \
        tag "ROADW"

cat /etc/sysctl.conf
net.inet.ip.forwarding=1

pf.conf:
...
block in on vio0
pass out 
pass in proto udp from any to port {500, 4500} keep state
pass in proto esp from any
pass on enc0 from any to any
pass on enc0 from any to self keep state (if-bound)
...

# cat /etc/hostname.enc0
inet 172.24.24.1 255.255.255.0 172.24.24.255
up

Laptop settings:
ikev2 'amihailov.laptop' active esp \
        from dynamic to any \
        peer bsd.server.vds \
        srcid amihailov.laptop \
        dstid bsd.server.vds \
        request address any \
        iface lo1

When I run iked, I get the following log messages on the server:

https://pastebin.com/raw/rgpTtMzr

And on the laptop:

https://pastebin.com/raw/UUrryZCN

A.B.C.D is the external address of the server,
10.222.222.222 is the address of the laptop in the local network, and
W.X.Y.Z is the external address of the gateway
through which the laptop gets to the Internet.

The lo1 interface on the laptop also does not get an IP address.
I would be very grateful if you could tell me what I am doing wrong.
If you need any additional logs or information, I will send them to you.
Thanks for your attention!
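
As an added example (not part of the original post and not an OpenBSD tool), here is a small POSIX shell checker for the key-exchange step the FAQ setup above depends on: each side's /etc/iked/local.pub has to end up on the other side as /etc/iked/pubkeys/fqdn/<srcid of the key's owner>, byte for byte, and the client's dstid has to name the server's srcid, otherwise iked looks the peer's key up under the wrong name. It assumes each side's files are gathered under one root directory (iked.conf, local.pub, pubkeys/fqdn/), for instance /etc/iked on the real hosts or a scratch copy of it; the fixture it builds mirrors the two configs in the post with constructed placeholder key contents, not real keys.

```shell
# Added example, not from the original post or from OpenBSD itself.
# Checks the RSA public-key exchange that the FAQ's iked setup relies on.
# Assumption: each side's files live under one root directory holding
# iked.conf, local.pub and pubkeys/fqdn/ (e.g. /etc/iked on the real hosts).

conf_field() {
    # conf_field <root> <keyword>: print the value that follows <keyword>
    # in root/iked.conf (first occurrence), e.g. conf_field ./server srcid
    sed -n "s/.*$2[[:space:]][[:space:]]*\([^[:space:]]*\).*/\1/p" "$1/iked.conf" | head -n 1
}

check_one_direction() {
    # check_one_direction <owner> <peer>: owner/local.pub must be installed
    # on peer as pubkeys/fqdn/<owner srcid> and be identical to the original
    owner_id=$(conf_field "$1" srcid)
    [ -n "$owner_id" ] || { echo "no srcid in $1/iked.conf"; return 1; }
    copy="$2/pubkeys/fqdn/$owner_id"
    [ -f "$copy" ] || { echo "missing: $copy"; return 1; }
    cmp -s "$1/local.pub" "$copy" || { echo "mismatch: $copy differs from $1/local.pub"; return 1; }
    echo "ok: $copy matches $1/local.pub"
}

check_pubkey_exchange() {
    # check_pubkey_exchange <server root> <client root>: succeeds only if
    # both directions are consistent; every failure is reported first
    rc=0
    check_one_direction "$1" "$2" || rc=1
    check_one_direction "$2" "$1" || rc=1
    return $rc
}

check_peer_ids() {
    # check_peer_ids <server root> <client root>: the client's dstid must
    # equal the server's srcid, or the server's key is looked up by the wrong name
    s=$(conf_field "$1" srcid)
    d=$(conf_field "$2" dstid)
    [ -n "$s" ] && [ "$s" = "$d" ]
}

make_fixture() {
    # make_fixture <dir>: build constructed server/ and laptop/ roots that
    # mirror the post's configs, with placeholder key contents (not real keys)
    srv="$1/server"; lap="$1/laptop"
    mkdir -p "$srv/pubkeys/fqdn" "$lap/pubkeys/fqdn"
    printf 'ikev2 "responder_rsa" passive esp \\\n\tsrcid bsd.server.vds \\\n\tconfig address 172.24.24.0/24\n' > "$srv/iked.conf"
    printf 'ikev2 "amihailov.laptop" active esp \\\n\tpeer bsd.server.vds \\\n\tsrcid amihailov.laptop \\\n\tdstid bsd.server.vds\n' > "$lap/iked.conf"
    echo "PLACEHOLDER-SERVER-PUBKEY" > "$srv/local.pub"
    echo "PLACEHOLDER-LAPTOP-PUBKEY" > "$lap/local.pub"
}

# Usage on real hosts, with both /etc/iked trees copied into a scratch dir:
#   check_peer_ids ./server ./laptop && check_pubkey_exchange ./server ./laptop
```

Running the two checks before starting iked on either side separates a key or identity mistake (wrong file name under pubkeys/fqdn/, a copy that is not the peer's current local.pub, a dstid that does not match the peer's srcid) from the firewall and routing questions, which the checker does not cover.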
