Ipsec

IPSEC OpenBSD <-> Linux

Environment OpenBSD 7.0 Debian 11.2 with Strongswan IPv4 only IKE v1 ToDo IPv6 and Dualstack IKE v2 Debian ipsec.conf conn puffy authby = secret ike = aes256-sha256-modp2048 keyexchange = ikev1 ikelifetime = 1h keyingtries = 0 left = %defaultroute right = 193.xx.xx.xx leftid = 212.xx.xx.xx rightid = 193.xx.xx.xx lifetime = 1200s leftsubnet = 10.11.1.8/30 rightsubnet = 10.1.6.0/24 esp = aes256-sha256-modp2048 dpddelay = 30 dpdtimeout = 120 dpdaction = restart auto = start OpenBSD /etc/sysctl.

OpenBSD with IPSEC -> GIF -> OSFP

Intro Stage two Machines, puffy206 and puffy207 Both Maschines needs static IP Adresses puffy206 Loopback & Gif doas su - cat << 'EOF' > /etc/hostname.lo1 inet 10.0.0.6/32 up EOF cat << 'EOF' > /etc/hostname.gif0 description "Point2Point Interface for OSPF" mtu 1420 10.10.10.6 10.10.10.7 netmask 255.255.255.255 tunnel 192.168.108.206 192.168.108.207 EOF Enable IPSEC & IP Forwarding cat << 'EOF' >> /etc/sysctl.conf net.inet.ip.forwarding=1 net.inet.gre.allow=1 EOF rcctl enable ipsec isakmpd rcctl set isakmpd flags -K Create Tunnel Endpoint cat << 'EOF' > /etc/ipsec.

IPSEC with OpenBSD

Intro Stage a few Machines, puffy206 - 209 puffy206 has got a static ip, while puffy207 - 209 got dynamic ip addresses Master, puffy206 Loopback doas su - cat << 'EOF' > /etc/hostname.lo1 inet 10.0.0.6/32 up EOF Enable IPSEC & IP Forwarding cat << 'EOF' >> /etc/sysctl.conf net.inet.ip.forwarding=1 net.inet.gre.allow=1 EOF rcctl enable ipsec isakmpd rcctl set isakmpd flags -K Create Tunnel Endpoint cat << 'EOF' > /etc/ipsec.conf ike dynamic esp tunnel from 10.