OpenBSD Security Functionally paranoid!

9th September 2009
wesley
connect to another site using ipsec-nat


We have to connect to a factory using IPsec and NAT.
A server (factory) will send backups to us using FTP.

Our ftp server is protected by a firewall with OpenBSD (PF and ftp-proxy)
OpenBSD firewall : 2 interfaces : egress (81.255.XX.XX) and local ( ; FTP server :

The admin of the factory has sent me information to configure the IPsec VPN:

our vpn gateway : 81.255.XX.XX
src address :
dst address :

factory vpn gateway : 210.253.XX.XX
src address :
dst address :

Authentication Mode: Preshared Keys
Diffie-Hellman Group 2 (1024 bit)
Encryption Algorithm: AES 256
Hashing Algorithm: SHA-1
Negotiation Mode: Main
Lifetime : 28800 sec

Perfect Forward Secrecy: Group 2
Encapsulation : ESP
Encryption Algorithm: AES 256
Authentication Algorithm : SHA-1
Encapsulation Mode: Tunnel
Lifetime : 3600 sec

the preshared key : haiku

I have read the man pages of ipsec.conf, ipsecctl, isakmpd.
My pf.conf lets protocol esp, udp 500 and 4500 pass from any to any.
I don't see how to realize that. Can someone help me?
Thank you.
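
The parameters listed in the post map onto a single `ike` rule in ipsec.conf(5). The following is an added example, not part of the original post. The four addresses are placeholders (the post elides the gateways and gives no src/dst networks), the key is a placeholder, and it assumes a release whose ipsec.conf(5) accepts the `lifetime` keyword:

```conf
# /etc/ipsec.conf on the OpenBSD firewall (added example; keep it mode 0600, owner root)
# Placeholder addresses, not values from the post: replace with the real ones.
local_gw    = "192.0.2.1"      # our VPN gateway (81.255.XX.XX in the post)
factory_gw  = "203.0.113.1"    # factory VPN gateway (210.253.XX.XX in the post)
local_net   = "10.0.1.0/24"    # assumed: network holding our FTP server
factory_net = "10.0.2.0/24"    # assumed: network of the factory server

# Phase 1 (main mode):  AES-256, SHA-1, DH group 2, lifetime 28800 s
# Phase 2 (quick mode): ESP tunnel, AES-256, SHA-1, PFS group 2, lifetime 3600 s
ike esp tunnel from $local_net to $factory_net \
	local $local_gw peer $factory_gw \
	main auth hmac-sha1 enc aes-256 group modp1024 lifetime 28800 \
	quick auth hmac-sha1 enc aes-256 group modp1024 lifetime 3600 \
	psk "REPLACE_WITH_PRESHARED_KEY"

# Check the syntax, start isakmpd without its own policy file, load the
# rule, then list the resulting flows and SAs:
#   ipsecctl -n -f /etc/ipsec.conf
#   isakmpd -K
#   ipsecctl -f /etc/ipsec.conf
#   ipsecctl -sa
```

Every value on the `main` and `quick` lines has to match what the factory gateway proposes, so group 2 and SHA-1 can only be raised if the factory admin changes them on both ends.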