The "how to" you are following does not use ipsec.conf(5) and ipsecctl(8), which were designed to replace the complexities of isakmpd.conf(5) and isakmpd.policy(5) with simple configurations.
OpenBSD's ipsec.conf configuration provides a much simpler configuration and management interface to the ISAKMP/Oakly Security Policy Database. It was so simple, Symantec published an article stating that it only took them 4 minutes to configure and establish an IPSEC VPN between two gateways and their underlying networks.
The ipsec.conf(5) simplification has been available in OpenBSD since 3.8, released in 2005. I cannot explain why your third party "how to" author declined to deploy it for that 2009-era "how to" you used. There does not appear to be any unique provisioning in the "how to" that cannot be managed with ipsec.conf(5).
Since 2005, the only reason to use isakmpd.conf/isakmpd.policy files is to deploy a configuration that cannot be provisioned with ipsec.conf directly.
|