Hi,
My FTTH home-box provides IKEv2 server support.
I connected my iPhone, via 3G, to it. I can now access my internal
home-LAN. So I know it works.
I want to do the same with an OpenBSD server hosted in "the Cloud"; in
transport mode as far as I understood the docs.
I've struggled with ipsec.conf(5), ipsecctl(8) and iked(8) for a couple
of hours now but I can't connect OpenBSD to the box.
The home-box is using IKEv2 and User/Password authentication mode.
The OpenBSD machine is 6.2/amd64.
I have configured iked.conf(5) like this:
    ikev2 active esp \
        from egress to 192.168.0.0/24 \
        peer 78.192.10.15
And running iked(8) goes:
    # iked -dv
    set_policy: could not find pubkey for /etc/iked/pubkeys/ipv4/78.192.10.15
    ikev2 "policy1" active esp inet from 108.61.176.54 to 192.168.0.0/24 local any peer 78.192.10.15 ikesa enc aes-256,aes-192,aes-128,3des prf hmac-sha2-256,hmac-sha1 auth hmac-sha2-256,hmac-sha1 group modp2048,modp1536,modp1024 childsa enc aes-256,aes-192,aes-128 auth hmac-sha2-256,hmac-sha1 lifetime 10800 bytes 536870912 rfc7427
    ikev2_msg_send: IKE_SA_INIT request from 0.0.0.0:500 to 78.192.10.15:500 msgid 0, 510 bytes
    ikev2_recv: IKE_SA_INIT response from responder 78.192.10.15:500 to 108.61.176.54:500 policy 'policy1' id 0, 456 bytes
And that's all :(
Is there a way to use l/p authent with iked(8)?
Or am I just not using the right software? In which case, what would the
proper tool be?
Thanks for help.