On Fri, 25 Jul 2014, mxb wrote:
>
> Probably, but you can play with ipsec-config and send your results over here.
>
> On 24 jul 2014, at 13:23, Stefan Krueger wrote:
>
> > In mailing.openbsd.misc, you wrote:
> >> the public_ip in your ipsec.conf should be the external ip of your router,
> >> n
Probably, but you can play with ipsec-config and send your results over here.
On 24 jul 2014, at 13:23, Stefan Krueger wrote:
> In mailing.openbsd.misc, you wrote:
>> the public_ip in your ipsec.conf should be the external ip of your router,
>> not the openbsd box.
>>
>> other setup checks can
In mailing.openbsd.misc, you wrote:
> the public_ip in your ipsec.conf should be the external ip of your router,
> not the openbsd box.
>
> other setup checks can be referred to the following article.
>
> http://undeadly.org/cgi?action=article&sid=20120427125048
Say I'm using PPPoE and my IP addre
Bastien,
I just gave it a try with Windows 7 and it needs an ipsec.conf with
main auth "hmac-sha1" enc "3des" group modp2048 \
quick auth "hmac-sha1" enc "aes" \
I've only tested it locally on the same network so no NAT involved, I've
not tried it from the internet behind a firewall/router that i
Daniel,
Good.
Did you try to connect a Windows (Seven or Eight?) client? Is your VPN
server working on your frontend firewall/router or on an internal server
behind a firewall?
Regards,
On Tue, Jul 22, 2014 at 8:16 PM, Daniel Polak wrote:
> I got everything to work based on the Undeadly art
I got everything to work based on the Undeadly article and the
information in this thread.
A few remarks:
- when connecting with an iPhone 3des in ipsec.conf should be replaced
by aes
- uncomment the line with net.pipex.enable=1 in sysctl.conf
- add npppd_flags="" to rc.conf.local so npppd is star
Wow, that is some response!
I'll give it a try today or tomorrow.
Thank you Bastien, Gordon, Chenghan and mxb.
Original message from mxb at 22-7-2014 13:15
> Being the original author of undeadly.org article I can state that info in
> is still partially valid, except npppd.conf part.
pool-address in the same subnet may not work as you expect it.
proxyarp needed. at least I've seen a discussion regarding this, so I have
separate network for vpn-clients.
This might have changed.
framed-ip-address - yes, it should be within subnet range used for l2tp-clients
//mxb
On 22 jul 20
Thanks, that is good to know.
I am running Tomato flashed on an old Linksys, so it sounds like things
_should_ work behind the router. Until I replace it w/ OpenBSD of
course.
On 2014-07-22 07:05, chenghan tv wrote:
OpenBSD L2TP/IPSec will work behind a Linux NAT port forwarding with
iptable
Thanks mxb,
Can you confirm the `npppd.conf` note?
- NOTE: `pool-address` values should be a block of addresses in the same
subnet of the internal network.
And the npppd-users note?
- NOTE: The `framed-ip-address` value should be in the `pool-address`
block from `/etc/npppd/npppd.conf`.
Are
Being the original author of undeadly.org article I can state that info in is
still partially valid, except npppd.conf part.
So here it goes:
tunnel L2TP protocol l2tp {
listen on 1.2.3.4
l2tp-hostname "vpn"
l2tp-vendor-name "OpenBSD"
l2tp-accept-dialin yes
OpenBSD L2TP/IPSec will work behind a Linux NAT port forwarding with
iptables, based on my previous experience. iOS and OSX VPN clients work
fine, but not working for Windows. FYI.
Gordon Turner wrote:
> On 2014-07-22 05:33, Daniel Polak wrote:
>
>> I'll give it a go with what I found but if an
On 2014-07-22 05:33, Daniel Polak wrote:
I'll give it a go with what I found but if anyone who has it working
with local authentication can post their ipsec.conf and npppd.conf, I
would appreciate it!
Here are my notes, granted I am in the middle of getting things sorted
out, so these are not
>> I've not been able to find a clear write up on the web of a complete
>> working configuration for making a L2TP / IPsec VPN connection to an
>> OpenBSD machine with an iPhone.
I found this French link (2012 with the old npppd config, but you may adapt
to the new syntax?) which details a working
I'm about to do the same and was gathering the necessary information
yesterday.
The best thread I found was this one:
http://marc.info/?l=openbsd-misc&m=138836875831549&w=1
The article on Undeadly
http://undeadly.org/cgi?action=article&sid=20120427125048 is outdated.
I've not been able to find a
On 21-07-2014 10:04, Gordon Turner wrote:
> Thanks,
>
> After making this change, I no longer see errors in /var/log/messages,
> but the device times out trying to connect.
Probably that's because the router is dropping the packets. I'm guessing
it does not have a stateful packet firewall.
>
> I w
On 2014-07-21 01:36, chenghan tv wrote:
the public_ip in your ipsec.conf should be the external ip of your
router, not the openbsd box.
Thanks,
After making this change, I no longer see errors in /var/log/messages, but
the device times out trying to connect.
I will check other logs to see if
I’d made cable modem act as bridge and let OpenBSD handle public IP/firewall
(guessing it is DHCP).
In this setup you’d eliminate this extra device with forwarding ports and
simplified debugging.
//mxb
On 21 jul 2014, at 02:35, Gordon Turner wrote:
> Hey List,
>
> I am trying to use OpenBSD
the public_ip in your ipsec.conf should be the external ip of your router,
not the openbsd box.
other setup checks can be referred to the following article.
http://undeadly.org/cgi?action=article&sid=20120427125048
On 2014/7/21 at 10:19 AM, "Gordon Turner" wrote:
> Hey List,
>
> I am trying
I'd start isakmpd in foreground mode(read verbose mode) and see what it prints
out, while iPad tries to connect to it.
On 15 jan 2013, at 20:35, Ted Wynnychenko wrote:
> Hello
>
> This may be off topic, since I don't think it's an openbsd issue, but
> (honestly) I have run out of ideas about