> hello
>
> I have 2 iked servers and 2 Road Warriors Laptops, all OBSD 7.4.
>
> When should/must I create certificates?
>
> I am not on my OBSD laptop, so I do not have access to logs/iked -dv;
> but I saw that in both cases: server/roadwarrior iked asks for ca.
>
> Server 1 config:
> This server is connected to a Laptop server/roadwarrior.
>
> ikev2 'agroena.org.pub' passive esp \
>     from 10.0.1.0/24 to 10.0.2.0/24 \
>     local 66.135.5.128 peer 24.80.177.18 \
>     srcid agroena.org
>
> ikev2 'agroena.org.pub' passive esp \
>     from any to dynamic \
>     local 66.135.5.128 peer any \
>     srcid agroena.org \
>     config address 10.0.5.0/24 \
>     tag "ROADW"
>

the initiator conf:

ikev2 'roadwarrior.pub' active esp \
    from 10.0.2.0/24 to 10.0.1.0/24 \
    peer 66.135.5.128 \
    srcid roadwarrior

ikev2 'roadwarrior.pub' active esp \
    from dynamic to any \
    peer 66.135.5.128 \
    srcid roadwarrior \
    dstid agroena.org \
    request address any \
    iface lo1

> Server 2 config:
> This server is connected to a different Laptop server/roadwarrior.
>
> ikev2 'hawk.host.planetofnix.com.pub' passive esp \
>     from 10.0.1.0/24 to 10.0.2.0/24 \
>     local 38.87.162.174 peer 24.80.177.18 \
>     srcid hawk.host.planetofnix.com
>
> ikev2 'hawk.host.planetofnix.com.pub' passive esp \
>     from any to dynamic \
>     local 38.87.162.174 peer any \
>     srcid hawk.host.planetofnix.com \
>     config address 10.0.5.0/24 \
>     tag "ROADW"
>

Road warrior conf:

ikev2 'roadwarrior.pub' active esp \
    from 10.0.2.0/24 to 10.0.1.0/24 \
    peer 38.87.162.174 \
    srcid hawk.MiRed

> Thanks so much for your attention.
>