I have a Sun Blade 100 with OpenBSD 4.2-current (Dec 18). I'm trying to configure it as a router/access point for my home network. The hardware is as shipped from Sun except that I have added an extra network card and a wireless card (re0 and ral0). I can send a dmesg if anyone thinks it would be helpful.
Ultimately my goal is to configure the wireless to use authpf and IPSec, similar to the configuration presented in:
http://www.openbsd-support.com/jp/en/htm/mgp/pacsec05/index.html

I have IPSec working between the clients and the OpenBSD box, and almost everything is working with only a slight increase in latency. But, loading very complex websites (yahoo, YouTube) takes so long that the HTTP connection will reset before the browser is done. I can't figure out why this is happening and didn't find anything similar when I searched the archives.

I would really appreciate it if someone could take a look at the minimal configuration below and tell me where I am messing up. If I left out a configuration file that you need or if you need me to run commands for you, please let me know. I also have an OpenBSD server on the wired portion of the network that can be used for testing if necessary.

Thanks in advance for any help you can provide.

--MHC

Note: ral0 on the OpenBSD system is 172.16.1.1.

Windows Clients:

I am connecting using a simple vpn.bat:

ipseccmd -u
ipseccmd.exe -f 0=* -n ESP[3DES,SHA] -t 172.16.1.1 -a PRESHARE:"testword" -1s 3DES-SHA-2
ipseccmd.exe -f *=0 -n ESP[3DES,SHA] -t %1 -a PRESHARE:"testword" -1s 3DES-SHA-2

OpenBSD:

# cat /etc/pf.conf
# $OpenBSD: pf.conf,v 1.34 2007/02/24 19:30:59 millert Exp $
#
# See pf.conf(5) and /usr/share/pf for syntax and examples.
# Remember to set net.inet.ip.forwarding=1 and/or net.inet6.ip6.forwarding=1
# in /etc/sysctl.conf if packets are to be forwarded between interfaces.

ext_if="gem0"
int_if="re0"
wifi="ral0"

set skip on {lo enc0}
scrub in
nat on $ext_if from !($ext_if) -> ($ext_if:0)
block in
pass out on $ext_if
pass in proto tcp to port ssh
pass on $wifi no state
pass on $int_if no state

# cat /etc/ipsec.conf
# $OpenBSD: ipsec.conf,v 1.5 2006/09/14 15:10:43 hshoexer Exp $
#
# See ipsec.conf(5) for syntax and examples.

wifi="172.16.0.0/16"
ike passive esp from any to $wifi \
        main auth hmac-sha1 enc 3des group modp1024 \
        quick auth hmac-sha1 enc 3des group none \
        psk testword

# cat /etc/rc.conf.local
ntpd_flags= # enabled during install
dhcpd_flags="-Ldhcp-leases -Adhcp-abandoned"
pf=
named_flags=
isakmpd_flags="-4K"
ipsec=YES