Hi list, I sent the following on 2024-07-05 and didn't receive any responses, so I thought I would post it again - please see below and thanks in advance!
--------------

Hi list,

It occurs to me that I did not include the configuration I have for iked (iked.conf), which would probably be helpful ... I also didn't mention the version of OpenBSD I was running as my server, which is 7.5.

I run a "road-warrior" configuration similar to what is displayed in the OpenBSD FAQ[0]. Here is my configuration:

    ikev2 "VPN" passive ipcomp tunnel esp \
        from any to dynamic \
        local egress peer any \
        srcid server.home.arpa \
        dstid client.home.arpa \
        rsa \
        config address 10.0.5.0/24 \
        tag "ROADW"

As mentioned in my previous e-mail, sometimes connections will be made to my VPN server that display the following:

    Jul 5 10:55:47 server iked[15172]: spi=0x7680ddead2051f3c: ikev2_send_auth_failed: authentication failed for

I am wondering if this is an indication of someone attempting to authenticate using public key/certificate authentication and being _rejected_ by iked?

My hypothesis is that iked does not name an identity because this is certificate based authentication vs. MSCHAPv2 for EAP authentication which would provide an identity (ie: a username). Is that correct?

Thanks,

- J