Hello,
ikev2 "vpn" passive esp \
from dynamic to 185.21.22.23/32 \
local egress peer any \
ikesa enc aes-256 prf hmac-sha2-256 auth hmac-sha2-256 group modp2048 \
childsa enc aes-256 auth hmac-sha2-256 group modp2048 \
srcid 185.21.22.23 \
dstid p7.local \
config address 172.24.24.0/24 \
config name-server 172.24.24.1 \
Any ideas / working config for a dynamic client hosting an iked on a VPS?
When using certificates I always use ASN1_DN for srcid and dstid. It
should look something like this:
srcid "/C=DE/ST=Lower Saxony/L=Hanover/O=OpenBSD/OU=iked/CN=185.21.22.23/emailAddress=r...@openbsd.org" \
dstid "/C=DE/ST=Lower Saxony/L=Hanover/O=OpenBSD/OU=iked/CN=p7.local/emailAddress=r...@openbsd.org" \
(I have never used "ikectl ca", so I'm not sure what the files are called.
But with something like this you should be able to get the srcid/dstid-lines:
openssl x509 -subject -noout -in 185.21.22.23.crt
openssl x509 -subject -noout -in p7.local.crt)
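
Added example, not part of the thread: a small sh helper that turns the "subject=" line from the openssl commands above into srcid/dstid lines. The function names are made up for this example, and the DNs in the comments are constructed. srcid is the local identity and dstid the peer's, so the two arguments swap on the other end of the tunnel.

```sh
#!/bin/sh
# Added example (not from the thread). Function names are hypothetical.

# Read one "subject=" line on stdin and print the bare "/C=.../CN=..." DN.
# Accepts "subject= /C=..." (LibreSSL) and "subject=/C=..." (-nameopt compat).
# Rejects the comma-separated form ("C = DE, ST = ...") that newer OpenSSL
# releases print by default, because that is not the slash form shown above.
subject_to_dn() {
    IFS= read -r line || [ -n "$line" ] || return 1
    dn=${line#subject=}   # drop the label
    dn=${dn# }            # drop the single space LibreSSL puts after it
    case $dn in
        /*=*) printf '%s\n' "$dn" ;;
        *)    echo "not a slash-form DN: $line" >&2; return 1 ;;
    esac
}

# Extract the DN from a certificate file; -nameopt compat asks for the
# slash form regardless of the openssl default.
cert_dn() {
    openssl x509 -subject -noout -nameopt compat -in "$1" | subject_to_dn
}

# Print the ID lines for one side: $1 = local DN, $2 = peer DN.
iked_id_lines() {
    printf 'srcid "%s" \\\n' "$1"
    printf 'dstid "%s" \\\n' "$2"
}

# On the VPS (file names as in the reply above):
#   iked_id_lines "$(cert_dn 185.21.22.23.crt)" "$(cert_dn p7.local.crt)"
# On the client, swap the two arguments.
```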