On 2020-11-16, Ian Timothy <i...@thrivedata.it> wrote:
> I’ve been a long-time user of OpenBSD, but this is the first time I’m trying
> to set up a VPN. I’m not sure what I’m doing wrong, or what should be the next
> step to troubleshoot. I’ve probably reviewed every IKEv2 how-to I can find.
>
> I need to end up with a configuration that will support several simultaneous
> roaming users connecting from anywhere they happen to be.
>
> Client:
> macOS 10.15.7
> Using builtin VPN client
>
> Server:
> OpenBSD 6.6

6.8 is recommended, iked has seen a lot of improvements since 6.6.

> em1 = 23.X.X.128/29
> em0 = 10.0.0.0/16
> enc0 = 10.1.0.0.16

enc0 should not be configured with an address

> From the client I can connect to 10.0.0.1 but anything outside that network
> traffic slows but does not return:
> # --- server: sysctl net.inet.{ipcomp.enable,esp.enable,esp.udpencap} ---
>
> net.inet.ipcomp.enable=1
> net.inet.esp.enable=1
> net.inet.esp.udpencap=1

net.inet.ip.forwarding?