[nycbug-talk] ikev2 vpn
milo
openbsd at aise.re
Wed Aug 31 14:06:44 EDT 2011
Hi,
Is there someone who can help me build a VPN
between a Win7 workstation and an OpenBSD 4.9 gateway
using IKEv2? I have already read the man pages of iked, ikectl and
iked.conf. I tried to do it but had no success.
What I have done on the OpenBSD box:
2 network cards, rl0:192.168.0.0/24
and em0:public_ip_address
>iked.conf:
user "milo" "password456"
ikev2 "win7" esp \
    from any to any \
    eap "mschap-v2" \
    tag "$name-$id"
ikectl ca vpn create
ikectl ca vpn certificate ip_openbsd create
ikectl ca vpn certificate ip_win7 create
ikectl ca vpn install
ikectl ca vpn certificate ip_openbsd install
ikectl ca vpn certificate ip_win7 export
>pf.conf:
skip on { lo, enc0 }
match out on egress inet from rl0:network to any nat-to egress:0
pass
What I have done on Win7:
Only one network card, with a public_ip_address.
I configured a VPN connection with the IKEv2 protocol and EAP-MSCHAP-V2.
Installed certificates: ip_win7 and vpn certificate.
Firewall is disabled. I can ping the public IP address of my OpenBSD
gateway.
I can use putty to connect to it using ssh.
When I start the VPN I get error 809 (it stops at username and password
verification).
So if someone can help me... you're welcome.
And perhaps there's a better way to have a good VPN without using third-party
software on Win7...
All the best,
Milo.