Jump to content

This is the support site for Andrews & Arnold Ltd, a UK Internet provider. Information on these pages is generally for our customers but may be useful to others, enjoy!

IPsec OpenBSD: Difference between revisions

No edit summary
== Overview and requirements ==
 
This has been tested using pre-shared keys between a Firebrick FB2700 and OpenBSD 5.7-RELEASE.
 
We had to add some workarounds to the FireBrick IPsec code to cope with some protocol negotiation issues with OpenBSD's IKEv2 implementation. We are in talks with the OpenBSD developers about which end is doing things correctly, but for the moment you will need a FireBrick with firmware version 1.36.032 or newer for this to work.
 
In this example, IP addresses are assigned as follows:
* 192.0.2.1 FireBrick FB2700
* 192.0.2.2 OpenBSD machine
* 198.51.100.0/24 LAN of machines behind FireBrick
* 203.0.113.0/24 LAN of machines behind OpenBSD
 
 
== FireBrick configuration ==
 
<code>
<ipsec-ike allow="192.0.2.2">
<connection name="openbsdtest" local-ip="192.0.2.1" peer-ips="192.0.2.2" graph="openbsd ipsec"
routes="203.0.113.0/24" local-ID="192.0.2.1"
peer-ID="192.0.2.2" auth-method="Secret" secret="your PSK here"/>
</ipsec-ike>
</code>
 
== OpenBSD configuration ==
 
[[Category:FireBrick_IPsec|OpenBSD]]
autoreview, Bureaucrats, reviewer, Administrators
18

edits