Hi everyone!
Nice to see that there is a forum related to OpenBSD!
I have only a basic question about the VPN/IPsec implementation in OpenBSD 4.x, especially for ISAKMP exchanges in phase 2. It seems that this is different from other OSes or vendors.
>> Does OpenBSD accept in phase 2 a remote subnet which is not configured as a reachable subnet through the VPN? <<
That means subnets A and B should be reached via VPN. A and B are configured on both sides. The client (e.g. NetScreen) also sends a subnet C to the responder (OpenBSD), and OpenBSD agreed to subnet C in phase 2 even though subnet C is not configured in OpenBSD as a VPN remote subnet.
Or is this just a problem with the OpenBSD configuration, isakmpd.conf...?
Thanks a lot for your answer.
The VPN is established with main mode and a preshared key.