Contributed by jose on from the ipsecadm--flush dept.
"I've been searching for configuration details about having an OpenBSD box operate as an IPSec gateway for multiple mobile users with dynamic IPs who connect to services located on internal networks behind the IPSec VPN gateway, i.e.

    Priv. Nw                          Roaming ISP NW
    ========                          ==============
    Host A --- VPNGW --- Internet --- Mobile User A
    Host B -|                      |- Mobile User B
    Host C -                        - Mobile User C

All I have been able to locate are the same question asked tens of times on multiple mailing lists and forums, but no one has been able to provide a comprehensive explanation on how to accomplish this.
What I found was that everyone who has tried to do this has stumbled at one point or another and the dynamic endpoint support seems fairly unstable in OpenBSD's IPSec implementation. I have also had some difficulty in getting the myriad of IPsec options configured correctly. The documentation is fair, but does require a bit of time for a full understanding. Does anyone have anything better?
There seem to be two main types of problems:
1) Inability to get isakmpd to work with anything other than manual keying and static IP addresses
2) Problems in accepting the SSH Communications Sentinel client authentication with isakmpd.
Do you have any success stories about implementing this functionality? How about writing a howto documenting such a project?"