
List:       openbsd-misc
Subject:    Re: ikev2 and road warriors setup
From:       Kim Zeitler <kim.zeitler () konzept-is ! de>
Date:       2018-10-31 10:50:25
Message-ID: 083b0d0e-c8d0-4453-201f-b06485aa1a14 () konzept-is ! de


On 10/28/18 3:04 PM, Radek wrote:
> Hello,
> I really need your help.
> I am still trying to configure Ikev2 VPN Gateway (A.B.C.77/23) for road warriors
> clients (Windows). The problem is that it works ONLY if clients are in the same
> subnet as VPN Gateway (A.B.C.0/23). Clients from out of the gateway's subnet
> (!A.B.C.0/23) can not establish the connection (809 Error). It does not matter if
> they are behind NAT or not, tried different ISP - the same.
> Current tested client is Win7 (1.2.3.119). It works from A.B.C.0/23
> 
> I do not know what I am doing wrong.
> Can anyone please help me with solving this problem?
> Thank you.
> 
> This is a fresh 6.3/i386 install:

> # cat /etc/hostname.enc0
> inet 10.0.1.1 255.255.255.0 10.0.1.255
> up
You don't need an IP on enc0

> 
> # cat /etc/iked.conf
> ikev2 "test" passive esp \
> from 0.0.0.0/0 to 0.0.0.0/0 \
> local A.B.C.77 peer any \
> srcid A.B.C.77 \
> config address 10.0.1.0/24 \
> config name-server 8.8.8.8 \
> tag "IKED"

Try something like this, it works for both Win7 and Win10:

/etc/iked.conf
---------------------------------
ikev2 "roadWarrior" ipcomp esp \
         from 0.0.0.0/0 to 0.0.0.0/0 \
         peer any \
         srcid  $srcid \
         config address 10.0.1.0/24 \
         config netmask 255.255.255.0 \
         config name-server $dns1 \
         config name-server $dns2 \
         config access-server A.B.C.77 \
         config protected-subnet 0.0.0.0/0 \
         tag "$id"

'access-server' tells Windows what gateway to use for 'protected-subnet' 
(see iked.conf(5)).
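
The policy in this reply references the macros $srcid, $dns1 and $dns2 without showing their definitions. As an added example (not part of the original message), this Python sketch lists macros that an iked.conf-style file uses before defining them. The sample text and the 192.0.2.53 value are constructed, and the check relies on the iked.conf(5) rule that macros are not expanded inside quotes, so the $id in the tag string is left alone.

```python
import re

# Constructed sample: the policy from the reply, with one macro defined
# (placeholder value) and the others left undefined, as in the mail.
SAMPLE = r'''
dns1 = "192.0.2.53"
ikev2 "roadWarrior" ipcomp esp \
         from 0.0.0.0/0 to 0.0.0.0/0 \
         peer any \
         srcid  $srcid \
         config address 10.0.1.0/24 \
         config netmask 255.255.255.0 \
         config name-server $dns1 \
         config name-server $dns2 \
         config access-server A.B.C.77 \
         config protected-subnet 0.0.0.0/0 \
         tag "$id"
'''

MACRO_DEF = re.compile(r'^\s*([A-Za-z0-9_]+)\s*=\s*(.*)$')  # name = value
MACRO_REF = re.compile(r'\$([A-Za-z0-9_]+)')                # $name
QUOTED = re.compile(r'"[^"]*"')                             # "..." strings


def undefined_macros(text):
    """Return (line_number, name) for each macro used before it is defined."""
    defined = set()
    missing = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        # Blank out quoted strings first: no macro expansion happens there,
        # and a '#' inside quotes is not a comment.
        line = QUOTED.sub('""', raw)
        line = line.split('#', 1)[0]          # drop trailing comment
        m = MACRO_DEF.match(line)
        if m:
            defined.add(m.group(1))
            line = m.group(2)                 # a value may reference macros
        for name in MACRO_REF.findall(line):
            if name not in defined:
                missing.append((lineno, name))
    return missing


if __name__ == "__main__":
    for lineno, name in undefined_macros(SAMPLE):
        print(f"line {lineno}: macro ${name} is used but not defined above")
```

On OpenBSD itself, `iked -n -f /etc/iked.conf` parses the file and reports errors without starting the daemon.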

