Hello. I have a wonderful OpenBSD server running iked, which accepts VPN connections from the internet with MSCHAP-V2 authentication from various Windows-clients, Linux, and Android. The client is given a ca.crt file, login, password, and server address—and everything works fine.
But I have an OpenBSD laptop that I also want to connect to this iked server from, and I don't understand how to do this. The FAQ describes the OpenBSD client as a roadwarrior, using RSA certificates, but it's unclear how to configure iked as a client with MSCHAP-V2. Configuring two policies that accept all connections from the internet and authenticate either via RSA or MSCHAP-V2 also seems impossible. What's the correct way to do this in my case?
