Thread: Help with IPSEC
#4
Old 7th December 2016
jggimi

The "how to" you are following does not use ipsec.conf(5) and ipsecctl(8), which were designed to replace the complexities of isakmpd.conf(5) and isakmpd.policy(5) with simple configurations.

OpenBSD's ipsec.conf configuration provides a much simpler configuration and management interface to the ISAKMP/Oakley Security Policy Database. It was so simple, Symantec published an article stating that it only took them 4 minutes to configure and establish an IPSEC VPN between two gateways and their underlying networks.

The ipsec.conf(5) simplification has been available in OpenBSD since 3.8, released in 2005. I cannot explain why your third party "how to" author declined to deploy it for that 2009-era "how to" you used. There does not appear to be any unique provisioning in the "how to" that cannot be managed with ipsec.conf(5).

Since 2005, the only reason to use isakmpd.conf/isakmpd.policy files is to deploy a configuration that cannot be provisioned with ipsec.conf directly.
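For readers who have not seen the ipsec.conf(5) form the post refers to, here is a gateway-to-gateway sketch; it is an added example, not part of the original post or of the "how to" under discussion. The addresses and networks are constructed (documentation ranges), and the default public-key authentication is assumed.

```conf
# Constructed example. Addresses are placeholders, not values from the thread.
#   Gateway A: external 192.0.2.1,    internal network 10.1.1.0/24
#   Gateway B: external 198.51.100.1, internal network 10.2.2.0/24

# ---- /etc/ipsec.conf on gateway A (initiates the exchange) ----
ike esp from 10.1.1.0/24 to 10.2.2.0/24 peer 198.51.100.1

# ---- /etc/ipsec.conf on gateway B (waits for A to connect) ----
ike passive esp from 10.2.2.0/24 to 10.1.1.0/24 peer 192.0.2.1

# Authentication (default is public keys): copy each gateway's
# /etc/isakmpd/local.pub to the other gateway as
#   /etc/isakmpd/pubkeys/ipv4/<peer external address>
# and verify the key fingerprint out of band before trusting it.
#
# Keep the file private, since ipsec.conf may hold secrets:
#   chmod 600 /etc/ipsec.conf
#
# Load and check on both gateways:
#   ipsecctl -n -f /etc/ipsec.conf   # parse only, report syntax errors
#   isakmpd -K                       # -K: no isakmpd.policy file is used
#   ipsecctl -f /etc/ipsec.conf      # load the rules
#   ipsecctl -sa                     # show resulting flows and SAs
#
# pf must still pass UDP port 500 (and 4500 if NAT-T is in use) and
# protocol esp between the two external addresses.
```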