Hello Tobias,
thanks a lot, that solved the question for me (at least on the server :) ).
Using ASN1 ids iked detects the matching policy. However, it then uses RFC7427
for auth (SIG), but the Windows 10 clients use RSA_SIG. This causes a mismatch
and the connection can't be established. (Yet, W
Hi Alexander,
the log tells us that both times the handshake ends in the successful
establishment of an IKE SA. Like you reported both match the policy 'clientA'
instead of A and B:
> Jul 15 11:06:45 server iked[12701]: sa_state: VALID -> ESTABLISHED from
> 5.6.7.8:4500 to 1.2.3.4:4500 policy 'c
Hello Tobias,
thank you very much for your reply.
Below is the output of ipsecctl -s all
and the verbose output of iked
#
When the first client connects:
(1.2.3.4 is the servers public IP, 5.6.7.8 is the public IP of the DSL modem)
FLOWS:
flow esp in from 10.75.0.0/1
Hi Alexander,
On Fri, Jul 12, 2019 at 02:03:08PM +, Alexander Mischke wrote:
> I can connect fine using a single client, however using more than one client
> breaks the connection for clientA while clientB is able to connect. I've been
> testing this with two clients behind the SAME DSL mode
Hello,
I am currently setting up an Internet facing OpenBSD IPsec (IKEv2) gateway
(with a public IP - no NAT).
The box is running OpenBSD 6.4.
This is supposed to be a roadwarrior setup with multiple Windows 10 Clients.
Authentication is done via client certificates (= Machine Certificates issue
5 matches
Mail list logo
