Difference between revisions of "IKE"
Latest revision as of 22:46, 15 September 2023
This page describes how to set up Internet Key Exchange (IKE) for IPsec on OpenBSD.
/etc/iked.conf:
ikev2 'responder_rsa' passive esp \
    from any to dynamic \
    local 21.32.43.54 peer any \
    srcid router.int.palfreman.com \
    config address 10.1.0.0/24 \
    tag "ROADW"
PF firewall rules:
# IKE
pass in log on egress proto udp from any to (egress) port {isakmp, ipsec-nat-t} tag IKED
pass in log on egress proto esp from any to (egress) tag IKED
pass log on enc0 tagged ROADW
match out log on egress inet tagged ROADW nat-to (egress:0)
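
The iked policy above tags tunnel traffic ROADW, and the last two PF rules only apply to packets carrying that exact tag, so a typo on either side silently leaves the VPN traffic without a matching rule. The following is an added example, not part of the original page: a small consistency check between the two files. The helper names (iked_tags, pf_has_tagged, check_tags) are hypothetical, the sample files are constructed, and the parser assumes the tag keyword and its value are on the same line.

```sh
#!/bin/sh
# Added example: every tag set in iked.conf should be consumed by a
# "tagged" rule in pf.conf. Helper names are hypothetical.

# Print each tag set by a `tag` option in an iked.conf file.
# Assumes the keyword and its value sit on the same line.
iked_tags() {
    awk '{ sub(/#.*/, "")                       # drop comments
           for (i = 1; i < NF; i++)
               if ($i == "tag") { t = $(i + 1); gsub(/"/, "", t); print t }
         }' "$1" | sort -u
}

# Succeed if pf.conf ($2) has at least one rule "tagged" with tag $1.
pf_has_tagged() {
    awk -v tag="$1" '{ sub(/#.*/, "")
           for (i = 1; i < NF; i++)
               if ($i == "tagged") { t = $(i + 1); gsub(/"/, "", t)
                                     if (t == tag) found = 1 }
         }
         END { exit !found }' "$2"
}

# check_tags IKED_CONF PF_CONF: return 1 if any iked tag has no pf rule.
check_tags() {
    rc=0
    for tg in $(iked_tags "$1"); do
        if pf_has_tagged "$tg" "$2"; then
            echo "ok: tag $tg is matched in $2"
        else
            echo "MISSING: no rule in $2 is tagged $tg"; rc=1
        fi
    done
    return $rc
}

# Constructed sample files: the policy tag from this page, one matching
# pf rule and one with a mistyped tag.
d=$(mktemp -d)
printf 'ikev2 "responder_rsa" passive esp \\\n\ttag "ROADW"\n' > "$d/iked.conf"
echo 'pass log on enc0 tagged ROADW'  > "$d/pf.good"
echo 'pass log on enc0 tagged ROADWR' > "$d/pf.bad"
check_tags "$d/iked.conf" "$d/pf.good"
check_tags "$d/iked.conf" "$d/pf.bad" || echo "pf.bad has no rule for the tunnel tag"
rm -rf "$d"
```

On a real system the two arguments would be /etc/iked.conf and /etc/pf.conf; the check reads the files only and changes nothing.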