Hello all,

I'm finally desperate enough to post this to a list...

I have been trying for two days to set up a basic VPN between my OpenBSD box at home and my OpenBSD box at work.
The box at home is running 3.7 and the box here at work is running 3.9.

I know this is going to look like a lot of information but I don't really know what else to do:


HOME GATEWAY
------------------------------------------------------------------------------------------------
This is isakmpd.conf on the home end:

[General]
Listen-on=<publicIP>

[Phase 1]
<work public IP>  = work

[work]
Phase = 1
Transport = udp
Address = <work public IP>
Local-address=<public IP>
Configuration = Default-main-mode
Authentication =sharedsecret

[Phase 2]
Connections = VPN-home-work

[VPN-home-work]
Phase = 2
ISAKMP-peer=work
Configuration = Default-quick-mode
Local-ID = internal-net
Remote-ID = remote-net

[internal-net]
ID-type=IPV4_ADDR_SUBNET
Network = 192.168.2.0
Netmask = 255.255.255.0

[remote-net]
ID-type=IPV4_ADDR_SUBNET
Network = 10.113.10.0
Netmask = 255.255.255.0

[Default-main-mode]
DOI=IPSEC
EXCHANGE_TYPE=ID_PROT
Transforms=3DES-SHA

[Default-quick-mode]
DOI = IPSEC
EXCHANGE_TYPE=QUICK_MODE
Suites = QM-ESP-3DES-SHA-SUITE


This is isakmpd.policy:

KeyNote-Version 2
Authorizer: "POLICY"
Licensees: "sharedsecret"
Conditions: app_domain == "IPsec policy" && esp_present=="yes" esp_enc_alg != "null" -> "true";




WORK GATEWAY
------------------------------------------------------------------------------------------------
This is isakmpd.conf on the work end:

[General]
Listen-on = <public IP>

[Phase 1]
<home public IP>  = steveHome

[Phase 2]
Connections = VPN-Peachnet-steveHome

[steveHome]
Phase = 1
Transport = udp
Address = <home public IP>
Local-address = <public IP>
Configuration = Default-main-mode
Authentication = sharedsecret

[VPN-Peachnet-steveHome]
Phase = 2
ISAKMP-peer = steveHome
Configuration = Default-quick-mode
Local-ID = local-internal-network
Remote-ID = steveHome-net

[local-internal-network]
ID-type = IPV4_ADDR_SUBNET
Network = 10.113.10.0
Netmask = 255.255.255.0

[steveHome-net]
ID-type = IPV4_ADDR_SUBNET
Network = 192.168.2.0
Netmask = 255.255.255.0

[Default-main-mode]
DOI = IPSEC
EXCHANGE_TYPE = ID_PROT
Transforms = 3DES-SHA

[Default-quick-mode]
DOI = IPSEC
EXCHANGE_TYPE = QUICK_MODE
Suites = QM-ESP-3DES-SHA-SUITE

This is isakmpd.policy on the work end:

KeyNote-Version: 2
Authorizer: "POLICY"
Licensees: "passphrase:sharedsecret"
Conditions: app_domain == "IPsec policy" &&
       esp_present == "yes" &&
       esp_enc_alg != "null" -> "true";


END CONFIG FILES
---------------------------------------------------------------------------------------------------------


Now as far as I know the config files are OK (I've tried them every which way).

Now here is what I do. I start up the work end of the VPN (isakmpd -d -DA=90 >& outfile) and then start
up the home end the same way.

The outfile on the home end is here: http://bartowpc.com/home_outfile
The outfile on the work end is here: http://bartowpc.com/work_outfile (I marked the file about halfway down at around the point where I start my home isakmpd)

I can provide the TCPDUMPS too if necessary.

I know this is a lot of info to pore over but I'm at my wits' end. The VPN between my home and work isn't even the ultimate goal
here but I'm trying to take it one step at a time.

Thanks a ton for any help!!
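
An added example, not part of the original post: a field-by-field comparison of the two isakmpd.policy files quoted above, ignoring layout differences outside quoted strings. The helper names (`policy_fields`, `normalise`, `policy_diff`) are hypothetical, and the script only reports where the two ends disagree; it does not decide which form isakmpd accepts.

```python
import re

# The two isakmpd.policy files as posted above, embedded so this runs offline.
HOME_POLICY = '''KeyNote-Version 2
Authorizer: "POLICY"
Licensees: "sharedsecret"
Conditions: app_domain == "IPsec policy" && esp_present=="yes" esp_enc_alg != "null" -> "true";
'''
WORK_POLICY = '''KeyNote-Version: 2
Authorizer: "POLICY"
Licensees: "passphrase:sharedsecret"
Conditions: app_domain == "IPsec policy" &&
       esp_present == "yes" &&
       esp_enc_alg != "null" -> "true";
'''

def policy_fields(text):
    """Split a KeyNote assertion into {field: value}, joining indented
    continuation lines. Lines that are neither go under '<unparsed>'."""
    fields, last = {}, None
    for line in text.splitlines():
        m = re.match(r"([A-Za-z-]+):\s*(.*)", line)
        if m:
            last = m.group(1)
            fields[last] = m.group(2)
        elif line[:1].isspace() and last and line.strip():
            fields[last] += " " + line.strip()
        elif line.strip():
            fields.setdefault("<unparsed>", []).append(line.strip())
    return fields

def normalise(value):
    """Drop whitespace outside double quotes so layout differences vanish."""
    if isinstance(value, list):
        return value
    parts = value.split('"')
    return '"'.join(p if i % 2 else re.sub(r"\s+", "", p) for i, p in enumerate(parts))

def policy_diff(a_text, b_text):
    """Return {field: (a_value, b_value)} for every field that differs."""
    a, b = policy_fields(a_text), policy_fields(b_text)
    return {k: (a.get(k), b.get(k)) for k in sorted(set(a) | set(b))
            if normalise(a.get(k, "")) != normalise(b.get(k, ""))}

if __name__ == "__main__":
    for field, (home, work) in policy_diff(HOME_POLICY, WORK_POLICY).items():
        print(f"{field}:\n  home: {home}\n  work: {work}")
```
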
