IPv4 Transport mode connection with OpenBSD using PSK
Under OpenBSD 4.x, ipsecctl is used to set up and delete IPSec connections.
OpenBSD side

filename: /etc/ipsec.conf
tool: ipsecctl

Contents of the OpenBSD ipsec.conf:

    ipv4_linux = "172.17.23.3"
    ipv4_addr = "172.17.23.2"
    ike esp transport from $ipv4_addr to $ipv4_linux quick auth hmac-sha1 enc aes group modp1024 psk "someauthentication"

To check the syntax with verbosity (-vv):

    ipsecctl -vv -n -f /etc/ipsec.conf

To start IPSec with verbosity (-vv):

    isakmpd -K
    ipsecctl -vv -f /etc/ipsec.conf

To remove the configuration with verbosity (-vv):

    ipsecctl -vv -d -f /etc/ipsec.conf

Linux side

Contents of ipsec.conf:

    config setup
        interfaces=%defaultroute
        plutodebug="all"
        nat_traversal=yes
        plutowait=yes
        nhelpers=0
        uniqueids=yes

    conn OpenBSD
        type=transport
        left=172.17.23.3
        right=172.17.23.2
        keyexchange=ike
        esp=aes128-sha1
        ike=aes128-sha1-modp1024
        auto=route
        auth=esp
        authby=secret
        pfs=yes
        keyingtries=%forever
        rekeymargin=4m
        disablearrivalcheck=no
        rekey=yes
        aggrmode=no

Contents of ipsec.secrets:

    172.17.23.2 172.17.23.3: PSK "someauthentication"

To start on the Linux side:

    ipsec whack --listen
    ipsec auto --verbose --add OpenBSD
    ipsec auto --verbose --up OpenBSD

To stop on the Linux side:

    ipsec auto --verbose --down OpenBSD
    ipsec auto --verbose --delete OpenBSD
    ipsec whack --unlisten
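An added example, not part of the original page: a Python check that the OpenBSD rule and the Linux conn and secrets entries shown above agree on mode, endpoints, ESP transform and PSK before either side is started. The function names and the OpenBSD-to-Linux algorithm name mapping (`aes` to `aes128`, `hmac-sha1` to `sha1`) are assumptions made for this example.

```python
import re

# Constructed sample input: this page's two configs, trimmed to shared options.
OPENBSD_CONF = '''ipv4_linux = "172.17.23.3"
ipv4_addr = "172.17.23.2"
ike esp transport from $ipv4_addr to $ipv4_linux quick auth hmac-sha1 enc aes group modp1024 psk "someauthentication"
'''
LINUX_CONN = '''conn OpenBSD
    type=transport
    left=172.17.23.3
    right=172.17.23.2
    esp=aes128-sha1
    authby=secret
'''
LINUX_SECRETS = '172.17.23.2 172.17.23.3: PSK "someauthentication"'
# Assumption: OpenBSD keyword -> token used in the Linux esp= string.
ALG = {"aes": "aes128", "hmac-sha1": "sha1"}

def parse_openbsd(text):
    """Expand macros in the single 'ike' rule and pull out its fields."""
    macros = dict(re.findall(r'^(\w+)\s*=\s*"([^"]*)"', text, re.M))
    rule = re.search(r'^ike\s.*$', text, re.M).group(0)
    rule = re.sub(r'\$(\w+)', lambda m: macros[m.group(1)], rule)
    out = {"mode": "transport" if " transport " in rule else "tunnel"}
    for key in ("from", "to", "auth", "enc"):
        out[key] = re.search(rf'\b{key}\s+(\S+)', rule).group(1)
    out["psk"] = re.search(r'\bpsk\s+"([^"]*)"', rule).group(1)
    return out

def parse_linux(conn, secrets):
    """Read key=value lines of one conn section and one PSK secrets line."""
    out = dict(re.findall(r'^[ \t]+(\w+)=(\S+)', conn, re.M))
    ids, psk = re.match(r'(.*?):\s*PSK\s+"([^"]*)"', secrets).groups()
    out["secret_ids"], out["psk"] = set(ids.split()), psk
    return out

def mismatches(bsd, lin):
    """Return the names of settings on which the two peers disagree."""
    peers = {bsd["from"], bsd["to"]}
    want_esp = "-".join(ALG.get(bsd[k], bsd[k]) for k in ("enc", "auth"))
    checks = {
        "mode": bsd["mode"] == lin.get("type", "tunnel"),
        "endpoints": peers == {lin.get("left"), lin.get("right")} == lin["secret_ids"],
        "esp": want_esp == lin.get("esp"),
        "psk": lin.get("authby") == "secret" and bsd["psk"] == lin["psk"],
    }
    return [name for name, ok in checks.items() if not ok]

if __name__ == "__main__":
    print(mismatches(parse_openbsd(OPENBSD_CONF), parse_linux(LINUX_CONN, LINUX_SECRETS)) or "peers agree")
```

An empty list means the compared settings match; any name returned is a setting to reconcile before bringing the connection up.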