This short article looks at how to get a fully functional IPSec VPN up and running between two fresh OpenBSD installations in about four minutes flat.
Expand all |
Post comment
Zero to IPSec in 4 minutes
2006-03-20
Anonymous (1 replies)
Anonymous (1 replies)
on OpenBSD 4.0 (not tested on later versions) I had to enable ESP and AH to get IPsec working (I`ve not tried to enable each one only). Before it I got errors as below:
isakmpd: exchange_run: doi->initiator failed isakmpd: pf_key_v2_get_spi: GETSPI: Operation not supported
isakmpd: initiator_send_HASH_SA_NONCE: doi->get_spi failed
To enable, run from shell:
sysctl net.inet.esp.enable=1
sysctl net.inet.ah.enable=1
(to set it on boot uncomment and set to =1 these lines in /etc/sysctl.conf)
As a suggestion, you could add some pointers to documentation about how to set up more complex IPsec scenarios, since this is a basic one.
[ reply ]
Link to this comment: http://www.securityfocus.com/comments/infocus/1859/1079#1079