>Stuart Henderson
>ps, show ipsecctl -sf output (censored if necessary)
No need to censor: as I said, everything is tested in virtual machines.
The full config files...
iked.conf on the gateway:
=====================
GATEWAY="gateway.my.domain"
GATEWAY_IP="192.168.0.50"
VPN="vpn.my.domain"
VPN_IP="192.168.0.70"
CLIENT="192.168.10.10"
ikev2 'toto' active esp \
proto tcp \
from $CLIENT to any port https \
local $GATEWAY_IP peer $VPN_IP \
srcid $GATEWAY dstid $VPN
iked.conf on the VPN:
=================
GATEWAY="gateway.my.domain"
GATEWAY_IP="192.168.0.50"
VPN="vpn.my.domain"
VPN_IP="192.168.0.70"
CLIENT="192.168.10.10"
ikev2 "toto" passive esp \
proto tcp \
from any port https to $CLIENT \
local $VPN_IP peer $GATEWAY_IP \
srcid $VPN dstid $GATEWAY \
tag "titi"
The command 'ipsecctl -sf' on the gateway:
=================================
flow esp in proto tcp from 0.0.0.0/0 to 192.168.10.10 peer 192.168.0.70 srcid FQDN/gateway.my.domain dstid FQDN/vpn.my.domain type require
flow esp out proto tcp from 192.168.10.10 to 0.0.0.0/0 peer 192.168.0.70 srcid FQDN/gateway.my.domain dstid FQDN/vpn.my.domain type require
Regards.
On Sat, 4 Oct 2025 at 14:17, Stuart Henderson <[email protected]> wrote:
> ps, show ipsecctl -sf output (censored if necessary)
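As an added example (not part of this mail, and not code from OpenBSD's iked or ipsecctl), here is a small POSIX sh/awk checker for `ipsecctl -sf` output. It re-joins lines that were wrapped by the mail client, extracts direction, protocol, source, destination and peer from each flow (keeping a `port` when ipsecctl prints one), and verifies that every inbound flow has the mirrored outbound flow with the same peer, which is what a single negotiated iked policy should install on one host. The sample input is constructed to mirror the gateway output above; all function names are my own.

```shell
#!/bin/sh
# Added example: flow symmetry check over `ipsecctl -sf` output.
# Not part of the original mail or of OpenBSD's iked/ipsecctl.

# Re-join wrapped output: any line that does not start with "flow " is a
# continuation of the previous flow line. Blank lines are dropped.
join_flows() {
    awk '
        /^$/     { next }
        /^flow / { if (line != "") print line; line = $0; next }
                 { line = line " " $0 }
        END      { if (line != "") print line }
    '
}

# Emit one "dir proto src dst peer" record per flow. When ipsecctl prints
# "port N" after an address, it is attached to that side as addr:N, so the
# records can be compared with the "port https" in the iked.conf policy.
parse_flows() {
    join_flows | awk '
        $1 == "flow" {
            dir = $3; proto = "any"; src = dst = peer = "-"; side = ""
            for (i = 4; i <= NF; i++) {
                if      ($i == "proto") proto = $(i + 1)
                else if ($i == "from")  { side = "src"; src = $(i + 1) }
                else if ($i == "to")    { side = "dst"; dst = $(i + 1) }
                else if ($i == "port")  {
                    if (side == "src") src = src ":" $(i + 1)
                    else               dst = dst ":" $(i + 1)
                }
                else if ($i == "peer")  peer = $(i + 1)
            }
            print dir, proto, src, dst, peer
        }
    '
}

# Exit 0 when every "in" flow has an "out" twin with src/dst swapped and the
# same proto and peer (and vice versa); otherwise list the unmatched flows
# on stderr and exit with their count.
check_symmetry() {
    parse_flows | awk '
        {
            key = $2 FS $3 FS $4 FS $5
            seen[$1 FS key] = 1
            flows[NR] = $0
        }
        END {
            bad = 0
            for (n in flows) {
                split(flows[n], f)
                want = (f[1] == "in" ? "out" : "in") FS f[2] FS f[4] FS f[3] FS f[5]
                if (!(want in seen)) {
                    print "unmatched: " flows[n] > "/dev/stderr"
                    bad++
                }
            }
            exit bad
        }
    '
}

# Constructed sample, mirroring the gateway's output from the mail,
# including the line wrapping introduced by the mail client.
sample_flows() {
    cat <<'EOF'
flow esp in proto tcp from 0.0.0.0/0 to 192.168.10.10 peer 192.168.0.70
srcid FQDN/gateway.my.domain dstid FQDN/vpn.my.domain type require
flow esp out proto tcp from 192.168.10.10 to 0.0.0.0/0 peer 192.168.0.70
srcid FQDN/gateway.my.domain dstid FQDN/vpn.my.domain type require
EOF
}

# Usage on the sample; on a real host: ipsecctl -sf | check_symmetry
sample_flows | check_symmetry && echo "every in flow has a matching out flow"
```

Run it on each end of the tunnel; the parsed records from the gateway should be the records from the VPN host with `in`/`out` exchanged, and any address that the policy restricts to a port should appear with that port attached.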