Thank you for the replies. I am told the OPNsense fork of pfSense runs a
hardened version of FreeBSD rather than OpenBSD.
I think their support for IKEv2 is relatively recent. I will try this
again to see if I can get the routing correct.
On Wed, Sep 12, 2018 at 4:43 AM Tobias Brunner wrote:
Hi Andrew,
> On BSD, a route based VPN has to be used, because it has no policy based
> implementation (as far as I know).
At least on FreeBSD that's not the case, i.e. it has policies just like
other IPsec implementations (including socket policies to whitelist the
IKE sockets). But for virtual
Hello Andrew,
On BSD, a route based VPN has to be used, because it has no policy based
implementation (as far as I know).
Because IKE traffic must not go through the tunnel, a route to the IP of the
peer has to exist that ensures the former.
Because of that, you can't establish tunnels with a TS
Hello, please can you advise on these errors from the OPNsense IPsec log:
Sep 9 01:01:24 opnsense charon: 00[DMN] signal of type SIGINT received. Shutting down
Sep 9 01:01:37 opnsense charon: 00[DMN] Starting IKE charon daemon (strongSwan 5.6.3, FreeBSD 11.1-RELEASE-p13, amd64)
Sep 9 01:01:37 opnsen