Hi! I'm basically trying to set up a VPN between a Linux box (Debian) and an OpenBSD one. I'd like to use RSA for that VPN.
With PSK I can bring the VPN up, but it looks so hard to build a tunnel with RSA keying. I tried this:

Linux Box:

######file: /etc/ipsec.conf
config setup
    interfaces=%defaultroute
    plutodebug="all"
    nat_traversal=yes
    plutowait=yes
    nhelpers=0
    uniqueids=yes

conn OpenBSD
    type=tunnel
    left=172.20.82.65
    leftrsasigkey=0sAQPKKAz...
    right=172.20.82.57
    rightsubnet=192.168.1.0/24
    rightrsasigkey=0sAQPF5ZXJfL...
    keyexchange=ike
    esp=aes128-sha1
    ike=aes128-sha1-modp1024
    auto=route
    auth=esp
    authby=rsasig
    pfs=yes
    keyingtries=%forever
    rekeymargin=4m
    disablearrivalcheck=no
    rekey=yes
    aggrmode=no

######file: /etc/ipsec.secrets
:RSA {
    # RSA 1024 bits ncdres09 Thu Oct 30 10:56:33 2008
    # for signatures only, UNSAFE FOR ENCRYPTION
    #pubkey=0sAQPKKAz...
    . . . .
}

------------------------------------------------------------------------------------------------------------------------------

OBSD box:

######file: /etc/ipsec.conf
ipv4_linux = "172.20.82.65"
ipv4_addr = "172.20.82.57"
ipv4_addr_subnet = "192.168.1.0/24"
ike esp from $ipv4_addr to $ipv4_linux quick auth hmac-sha1 enc aes group modp1024
ike esp from $ipv4_addr_subnet to $ipv4_linux quick auth hmac-sha1 enc aes group modp1024

######file: /etc/isakmpd/local.pub
-----BEGIN PUBLIC KEY-----
0sAQPF5ZXJfL...
-----END PUBLIC KEY-----

######file: /etc/isakmpd/pubkeys/ipv4/172.20.82.65
0sAQPKKAz...

------------------------------------------------------------------------------------------------------------------------------

Note: these IPs are fake.

Does anyone know if that would work? Do you have any hints for me?

Thank you!
Pedro David
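
Added example, not part of the original post: the 0sAQP... values in the configs above are Openswan's base64 form of an RFC 3110 RSA public key (exponent length, exponent, modulus), whereas BEGIN PUBLIC KEY armor normally wraps a DER SubjectPublicKeyInfo. This Python code converts the first form into the second; the function names and the toy modulus are constructed for illustration and are not taken from the post.

```python
import base64

# rsaEncryption AlgorithmIdentifier (OID 1.2.840.113549.1.1.1, NULL parameters)
RSA_ALG_ID = bytes.fromhex("300d06092a864886f70d0101010500")
# Constructed toy modulus, NOT a usable RSA key; it only exercises the format.
TOY_N = int("c1" + "23" * 15, 16)
SAMPLE = "0s" + base64.b64encode(bytes([1, 3]) + TOY_N.to_bytes(16, "big")).decode()

def parse_openswan_rsa(value):
    """Decode an Openswan '0s...' RSA public key into (exponent, modulus)."""
    if not value.startswith("0s"):
        raise ValueError("expected Openswan base64 prefix '0s'")
    # validate=True rejects elided keys such as '0sAQPKKAz...'
    raw = base64.b64decode(value[2:], validate=True)
    if len(raw) < 3:
        raise ValueError("truncated key")
    # RFC 3110: one exponent-length byte, or 0x00 followed by a two-byte length
    if raw[0]:
        elen, off = raw[0], 1
    else:
        elen, off = int.from_bytes(raw[1:3], "big"), 3
    exp, mod = raw[off:off + elen], raw[off + elen:]
    if len(exp) != elen or not mod:
        raise ValueError("truncated key")
    return int.from_bytes(exp, "big"), int.from_bytes(mod, "big")

def _der(tag, body):
    """Encode one DER TLV with short or long definite length."""
    n = len(body)
    if n < 0x80:
        return bytes([tag, n]) + body
    length = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(length)]) + length + body

def _der_int(i):
    # The extra byte keeps the INTEGER positive when the top bit is set.
    return _der(0x02, i.to_bytes(i.bit_length() // 8 + 1, "big"))

def to_pem(e, n):
    """Wrap (e, n) as SubjectPublicKeyInfo and return PEM text."""
    rsa_pub = _der(0x30, _der_int(n) + _der_int(e))
    spki = _der(0x30, RSA_ALG_ID + _der(0x03, b"\x00" + rsa_pub))
    b64 = base64.b64encode(spki).decode()
    body = "\n".join(b64[i:i + 64] for i in range(0, len(b64), 64))
    return f"-----BEGIN PUBLIC KEY-----\n{body}\n-----END PUBLIC KEY-----\n"

if __name__ == "__main__":
    print(to_pem(*parse_openswan_rsa(SAMPLE)))
```

The resulting file can be inspected with openssl rsa -pubin -in local.pub -noout -text to confirm that the modulus and exponent match the key on the Linux side.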