I offered to help a local nonprofit complete a failed volunteer effort. They already had a number of low-cost devices the original volunteer installed OpenWrt on. The design is to interconnect their various locations via a central public VM running OpenBSD. Sounds easy, doesn't it? FWIW I have configured many IPsec tunnels, L3 and L2, between OpenBSD systems, also between OpenBSD and various network hardware vendors. They all work fine.
I figured getting this going would be pretty straightforward; now I feel like I'm in the midst of a really long bad acid trip. Last weekend I quickly got OpenBSD iked and OpenWrt strongSwan configured to establish Security Associations; since then I've struggled in my attempt to get a flow created. It doesn't help that OpenWrt (Linux) uses musical chairs when it comes to IPsec support. It appears Linux IPsec uses xfrm to create states and policies; I see the states but no policies. Worse yet, when I reach out to people I know who use OpenWrt, they pretty much say, just use WireGuard.
If anyone out there has configured IPsec tunnels between OpenWrt and OpenBSD I'd appreciate some insight.
Thanks,
diana
cc'd to my other email address

