community.riocities.com

Configure OpenIKE Site to Site VPN in OpenBSD

Introduction

This HOWTO cover how to configure OpenIKE (IKE v2) on OpenBSD.

Network Topology

Configuration

/etc/iked.conf on VPN1

remote_gw    = "82.182.106.1"
local_gw     = "192.168.102.2"

ikev2 active esp from $local_gw to $remote_gw psk "CHANGE_THIS_TO_A_STRONG_PSK"
ikev2 active esp from 192.168.100.0/24 to 192.168.200.0/24 peer $remote_gw psk "CHANGE_THIS_TO_A_STRONG_PSK"
ikev2 active esp from 192.168.102.0/24 to 192.168.200.0/24 peer $remote_gw psk "CHANGE_THIS_TO_A_STRONG_PSK"

/etc/iked.conf on VPN2

remote_gw    = "82.182.103.1"
local_gw     = "192.168.200.2"

ikev2 active esp from $local_gw to $remote_gw psk "CHANGE_THIS_TO_A_STRONG_PSK"
ikev2 active esp from 192.168.200.0/24 to 192.168.100.0/24 peer $remote_gw psk "CHANGE_THIS_TO_A_STRONG_PSK"
ikev2 active esp from 192.168.200.0/24 to 192.168.102.0/24 peer $remote_gw psk "CHANGE_THIS_TO_A_STRONG_PSK"

Bring up enc0

ifconfig enc0 up

Ports to forward in GW1 and GW2

UDP 500 and UDP 4500

Auto start when booting

echo "iked_flags=YES" >> /etc/rc.conf.local

echo "up" > /etc/hostname.enc0

Published

Author

magnus

Category

VPN

Tags