# $OpenBSD: iked.conf,v 1.3 2023/03/06 13:57:45 sthen Exp $ # # See iked.conf(5) for syntax and examples. # Configure users for the Extensible Authentication Protocol (EAP) #user "user1" "password123" #user "user2" "password456" # Configuration for clients connecting with EAP authentication # and sending all traffic over the IKEv2 tunnel. # # EAP requires a server certificate; see ikectl(8) for more details # on generating this with an iked-specific local CA. # #ikev2 "eapclient" passive esp \ # from any to dynamic \ # local any peer any \ # eap "mschap-v2" \ # config address 10.2.0.0/24 \ # config name-server 10.1.0.2 \ # tag "$name-$id" # Configuration for a client authenticating with a pre-shared key, # mostly useful for LAN-to-LAN tunnels between static IP endpoints. # # For iked->iked tunnels you can use a simple config using public # keys instead - omit psk and copy /etc/iked/local.pub on each side to # /etc/iked/pubkeys/ipv4/
on the other. # #ikev2 esp \ # from 10.3.0.0/24 to 10.1.0.0/24 \ # from 10.5.0.0/24 to 10.1.0.0/24 \ # from 10.5.0.0/24 to 172.16.1.0/24 \ # local 192.168.1.1 peer 192.168.2.1 \ # psk "tyBNv13zuo3rg1WVXlaI1g1tTYNzwk962mMUYIvaLh2x8vvvyA-replace-me"