Yes. I followed all the steps in pkg-readmes.
The following is the ipsec.conf I set.

===============================

$ cat /etc/strongswan/ipsec.conf
# ipsec.conf - strongSwan IPsec configuration file

# basic configuration

config setup
    # strictcrlpolicy=yes
    # uniqueids = no

# Add connections here.
conn Leo-CoreaVPN-C
    keyexchange=ikev2
    eap_identity=susemi
    auto=add
    left=%any
    leftid=susemi
    leftauth=eap-mschapv2
    leftsourceip=%config
    right=leo.coreavpn.net
    rightid=leo.coreavpn.net
    rightsubnet=0.0.0.0/0

===================================

$ tree -F /etc/strongswan/ipsec.d/
ipsec.d/
|-- aacerts/
|-- acerts/
|-- cacerts/
|   `-- leo-ca.pem
|-- certs/
|-- crls/
|-- ocspcerts/
|-- private/
`-- reqs/



Here is the status after the connection is successful.

====================================

$ ipsec status
Security Associations (1 up, 0 connecting):
Leo-CoreaVPN-C[1]: ESTABLISHED 6 seconds ago, 192.168.1.86[susemi]...183.96.249.15[leo.coreavpn.net]
Leo-CoreaVPN-C{1}:  INSTALLED, TUNNEL, reqid 1, ESP in UDP SPIs: 0ebb6d0b_i c04d399f_o
Leo-CoreaVPN-C{1}:   172.16.216.86/32 === 0.0.0.0/0

=====================================

$ ifconfig -a
lo0: flags=2008049<UP,LOOPBACK,RUNNING,MULTICAST,LRO> mtu 32768
    index 3 priority 0 llprio 3
    groups: lo
    inet6 ::1 prefixlen 128
    inet6 fe80::1%lo0 prefixlen 64 scopeid 0x3
    inet 127.0.0.1 netmask 0xff000000
iwx0: flags=a48843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST,AUTOCONF6TEMP,AUTOCONF6,AUTOCONF4> mtu 1500
    lladdr 98:59:7a:67:ce:e7
    index 1 priority 4 llprio 3
    groups: wlan egress
    media: IEEE802.11 autoselect (VHT-MCS1 mode 11ac)
    status: active
    ieee80211: join 3-1-403 chan 56 bssid 94:ab:0a:61:87:f8 88% wpakey wpaprotos wpa2 wpaakms psk wpaciphers ccmp wpagroupcipher ccmp
    inet6 fe80::9a59:7aff:fe67:cee7%iwx0 prefixlen 64 scopeid 0x1
    inet6 2409:8a3c:4de:e380:cb3e:7cd7:65d:b3fc prefixlen 64 autoconf pltime 259186 vltime 259186
    inet6 2409:8a3c:4de:e380:c295:541:451f:184b prefixlen 64 autoconf temporary pltime 71839 vltime 171058
    inet 192.168.1.86 netmask 0xffffff00 broadcast 192.168.1.255
enc0: flags=0<>
    index 2 priority 0 llprio 3
    groups: enc
    status: active
pflog0: flags=141<UP,RUNNING,PROMISC> mtu 33136
    index 4 priority 0 llprio 3
    groups: pflog
tun0: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> mtu 1400
    index 5 priority 0 llprio 3
    groups: tun
    status: active
tun1: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> mtu 1500
    index 6 priority 0 llprio 3
    groups: tun
    status: active
    inet 172.16.216.86 --> 0.0.0.0 netmask 0xffffffff


On 25. 4. 27. at 20:49, Stuart Henderson wrote:
On 2025-04-20, 나홍연<skghd...@naver.com> wrote:
Hello, my name is Na Hongyeon and I live in Korea.
When I connect using MSCHAP-V2 for EAP authentication with StrongSwan,
it says that it was successful, but when I ping test it, there is no
actual connection.
StrongSwan isn't really well tested on OpenBSD (and even when it works
at all, it's sub-optimal). All I can say is, it worked at one point
using the setup mentioned in the pkg-readme, but I don't think it's been
tested recently.

Did you follow the steps mentioned in the pkg-readme to set sysctls?

