#3
25th November 2008
schrodinger
Fdisk Soldier
Join Date: May 2008
Location: Ireland
Posts: 69

Hey s2scott, I am in the middle of setting this up.

I have x509 CERTIP auth set up (on my LAN, from a LAN server to its default gateway - the OpenBSD firewall. I will be testing from the public Internet at the weekend), moving on to FQDN and User_FQDN next.

Been basing my initial configs on this setup and migrating them to ipsec.conf instead of isakmpd.conf. Although I do believe that you are required to configure an isakmpd.policy for use with x509v3 CERTUFQDN properties. However, I am not sure of this. It is quite surprising that the large majority of the documentation for cert-based authentication is all around OpenBSD 3.8 and the use of certpatch. There are some guides that are more up to date, but none of them document using USER_FQDN x509v3 certificate extensions.

There is this guide which details the use of x509 USER_FQDN with OpenBSD using isakmpd.conf and isakmpd.policy.

The plan is to eventually be able to VPN back to home from anywhere with any OS, as I have XP, Debian and FreeBSD on my two laptops, from a wide range of Internet connections.

After I get this done I will go on to set up OpenVPN and I will also be following your wonderful guide on building an OpenSSH-based VPN.
It was a new day yesterday, but it's an old day now.