Difference between revisions of "IKE"
Jump to navigation
Jump to search
(First save) |
(No difference)
|
Latest revision as of 22:46, 15 September 2023
This is about how to set up Internet Key Exchange for IPsec on OpenBSD
/etc/iked.conf
ikev2 'responder_rsa' passive esp \ from any to dynamic \ local 21.32.43.54 peer any \ srcid router.int.palfreman.com \ config address 10.1.0.0/24 \ tag "ROADW"
PF firewall rules:
# IKE pass in log on egress proto udp from any to (egress) port {isakmp, ipsec-nat-t} tag IKED pass in log on egress proto esp from any to (egress) tag IKED pass log on enc0 tagged ROADW match out log on egress inet tagged ROADW nat-to (egress:0)