Re: [OpenBSD 6.4][OpenIKED] Route to IPSec tunnel?

2018-12-18 Thread Zhi-Qiang Lei
GRE(4) is the one to save. GIF(4) might work as well, but my tunnel setting was not correct.

Thanks,
Siegfried

> On Dec 13, 2018, at 10:15 PM, Zhi-Qiang Lei wrote:
>
> After changing my from-to selectors in iked configuration, the gateway is
> almost working.
>
> [VPN Server] /etc/iked.conf:

Re: [OpenBSD 6.4][OpenIKED] Route to IPSec tunnel?

2018-12-13 Thread Zhi-Qiang Lei
After changing my from-to selectors in iked configuration, the gateway is almost working.

[VPN Server] /etc/iked.conf:

ikev2 quick passive ipcomp esp \
    from 0.0.0.0/0 to 192.168.1.0/24 \
    local egress \
    ikesa auth hmac-sha2-512 enc aes-256 prf hmac-sha2-512 group curve25519

Re: [OpenBSD 6.4][OpenIKED] Route to IPSec tunnel?

2018-12-12 Thread Zhi-Qiang Lei
Hi Aaron,

Thanks! I also tried gif. But the behavior is quite weird. Through the gif devices, the gateway and VPN server can ping each other, while the packets on gateway enc0 from the client routing to the gif device always got bad checksums. I think it is related to the bugs on gif(4) man pag

Re: [OpenBSD 6.4][OpenIKED] Route to IPSec tunnel?

2018-12-12 Thread Aaron Mason
Hi Siegfried

(Maintainers of the IPSec stack and ISAKMPD are welcome to tear my answer apart)

IPSec tunnels are, for want of a better term, entirely transparent - the underlying OS and its clients have no idea that it exists. In order to route across an IPSec tunnel, use gif(4) to create an IP-t

[OpenBSD 6.4][OpenIKED] Route to IPSec tunnel?

2018-12-11 Thread Zhi-Qiang Lei
I'm building a gateway to encrypt some traffic:

Client -> Gateway -> VPN Server -> Internet
(192.168.1.16) (10.0.0.2)

[Gateway] /etc/iked.conf:

ikev2 quick active ipcomp esp \
    from 10.0.0.2 to 0.0.0.0/0 \
    local egress peer $vpn_server_ip \