IKE

From Palfrepedia

This page describes how to set up Internet Key Exchange (IKEv2, using iked(8)) for IPsec road-warrior clients on OpenBSD: a passive responder policy in iked.conf and the matching PF rules that admit IKE and ESP, pass the decrypted traffic on enc0, and NAT it out of the egress interface.

/etc/iked.conf:

ikev2 'responder_rsa' passive esp \
        from any to dynamic \
        local 21.32.43.54 peer any \
        srcid router.int.palfreman.com \
        config address 10.1.0.0/24 \
        tag "ROADW"

PF firewall rules (isakmp is UDP 500 and ipsec-nat-t is UDP 4500 in /etc/services; the tag "ROADW" must match the tag keyword in iked.conf exactly, or the enc0 and nat-to rules will never match the tunnel traffic):

# IKE
pass in log on egress proto udp from any to (egress) port {isakmp, ipsec-nat-t} tag IKED
pass in log on egress proto esp from any to (egress) tag IKED
pass log on enc0 tagged ROADW
match out log on egress inet tagged ROADW nat-to (egress:0)
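The link between the two files is the tag string: iked marks the flows it installs with the value of its tag keyword, and PF only matches them through tagged rules that use the identical string. A typo on either side silently blocks or leaves un-NATed all road-warrior traffic. The following script is an added example, not part of this page or of OpenBSD; it embeds the two configs above as sample input and cross-checks that every iked tag has a pass rule on enc0 and a nat-to rule in pf.conf, and that pf.conf references no tag that iked never sets. The quoting rules it accepts for the tag value are an assumption made for the example.

```python
"""Cross-check iked.conf `tag` values against pf.conf `tagged` rules.

Added example (not the page's own code). The two configuration strings
below are constructed sample input copied from the page; on a real host you
would read /etc/iked.conf and /etc/pf.conf instead.
"""
import re

IKED_CONF = """\
ikev2 'responder_rsa' passive esp \\
        from any to dynamic \\
        local 21.32.43.54 peer any \\
        srcid router.int.palfreman.com \\
        config address 10.1.0.0/24 \\
        tag "ROADW"
"""

PF_CONF = """\
# IKE
pass in log on egress proto udp from any to (egress) port {isakmp, ipsec-nat-t} tag IKED
pass in log on egress proto esp from any to (egress) tag IKED
pass log on enc0 tagged ROADW
match out log on egress inet tagged ROADW nat-to (egress:0)
"""


def join_continuations(text):
    """Collapse backslash-newline continuations into single logical lines."""
    return re.sub(r"\\\n\s*", " ", text)


def iked_tags(conf):
    """Return the tag string of every ikev2 policy that carries a `tag` keyword.

    Assumption: the tag value is either double-quoted, single-quoted, or a
    bare word; `#` starts a comment.
    """
    tags = []
    for line in join_continuations(conf).splitlines():
        line = line.split("#", 1)[0].strip()
        if not line.startswith("ikev2"):
            continue
        m = re.search(r'\btag\s+(?:"([^"]*)"|\'([^\']*)\'|(\S+))', line)
        if m:
            tags.append(m.group(1) or m.group(2) or m.group(3))
    return tags


def pf_tagged_rules(conf):
    """Map each tag used with `tagged` (not `tag`) in pf.conf to its rules."""
    rules = {}
    for line in conf.splitlines():
        line = line.split("#", 1)[0].strip()
        m = re.search(r"\btagged\s+(\S+)", line)
        if m:
            rules.setdefault(m.group(1), []).append(line)
    return rules


def check(iked_conf, pf_conf):
    """Return a list of findings; an empty list means the files agree."""
    findings = []
    tags = iked_tags(iked_conf)
    pf_rules = pf_tagged_rules(pf_conf)
    for tag in tags:
        rules = pf_rules.get(tag, [])
        if not any(r.startswith("pass") and " on enc0 " in r for r in rules):
            findings.append(
                f"tag {tag!r}: no 'pass ... on enc0 tagged {tag}' rule; "
                "decrypted tunnel traffic will be blocked")
        if not any("nat-to" in r for r in rules):
            findings.append(
                f"tag {tag!r}: no nat-to rule; client tunnel addresses "
                "would leave egress without NAT")
    for tag in pf_rules:
        if tag not in tags:
            findings.append(f"pf.conf references tag {tag!r} that no iked policy sets")
    return findings


if __name__ == "__main__":
    for finding in check(IKED_CONF, PF_CONF) or ["OK: iked.conf and pf.conf tags agree"]:
        print(finding)
```

Run it as-is to see the page's configs pass; change either tag string (for example `tagged ROADWARRIOR` in the PF rules) and the script reports the orphaned tag on each side.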