DaemonForums > OpenBSD > OpenBSD Security

#1  Old 4th April 2014
Dr-D
Port Guard
Join Date: Jun 2011
Posts: 38

OpenBSD Multiple VPN Setup
Thanks to jggimi I have a working VPN setup between my home network and a remote network. I now want to connect with another site from home and would like to know if my ipsec.conf and pf.conf files are set up correctly when I add the new VPN. My question is this: for the second VPN, do I still use "ike esp" and "enc", or do those have to be changed to something different to denote a different VPN, and the pf.conf changed accordingly? Below are my ipsec.conf and pf.conf files, masked accordingly. Are they correct for the two VPNs I'd like to set up?

Thank you.

Code:
#ipsec.conf
# Tunnel 1: home LAN <-> 199.194.199.0/24 behind gateway B.B.B.B.
# "main" is the phase 1 (IKE SA) proposal, "quick" the phase 2 (IPsec SA) proposal.
ike esp from 192.168.69.0/24 to 199.194.199.0/24 peer B.B.B.B \
        main auth hmac-sha1 enc aes-256 group modp1536 \
        quick auth hmac-sha1 enc aes-256 \
        srcid A.A.A.A psk "password-goes-here"

# Tunnel 2: same home LAN <-> 10.0.0.0/24 behind gateway C.C.C.C.
# Same "ike esp" keyword; the from/to networks and the peer address tell the
# tunnels apart, and each peer may carry its own psk.
ike esp from 192.168.69.0/24 to 10.0.0.0/24 peer C.C.C.C \
        main auth hmac-sha1 enc aes-256 group modp1536 \
        quick auth hmac-sha1 enc aes-256 \
        srcid A.A.A.A psk "password-goes-here"
Code:
#pf.conf
# macros
ext_if="em0"                    # Internet-facing interface (A.A.A.A)
int_if="em1"                    # home LAN interface
int_net="{ 192.168.69.0/24 }"
whs="192.168.69.50"             # internal web server reached via port 443 redirect

# options
set block-policy drop
set loginterface $ext_if
# Decrypted tunnel traffic appears on enc0; it is not filtered here at all.
set skip on {enc0, lo}

# match rules
match in all scrub (no-df)
# NAT the LAN out through the default-route interface's first address.
match out on egress inet from !(egress) to any nat-to (egress:0)

# filter rules
block in log
pass out quick
antispoof quick for { lo $int_if }
# Public HTTPS is forwarded to the internal web server.
pass in on egress inet proto tcp to (egress) port 443 rdr-to $whs synproxy state
# Per VPN peer: IKE on udp/500 plus the ESP payload itself.
pass in on $ext_if inet proto udp from B.B.B.B to A.A.A.A port 500
pass in on $ext_if inet proto esp from B.B.B.B to A.A.A.A
pass in on $ext_if inet proto udp from C.C.C.C to A.A.A.A port 500
pass in on $ext_if inet proto esp from C.C.C.C to A.A.A.A
# Everything from the LAN is allowed in (and logged).
pass in log on $int_if
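The two configs above differ per tunnel only in the remote network, the peer address and the pre-shared key, and each peer needs the same pair of pf rules (udp/500 for IKE, plus ESP). The script below, an added example and not code from the original post or from OpenBSD, generates one "ike esp" stanza and the matching pf rules per peer from a small peer table, and wraps the syntax-only checks (`ipsecctl -n -f`, `pfctl -n -f`). The peer table, the PSK strings and the `--show`/`check` arguments are constructed for the example; the addresses are the masked ones from the post.

```sh
#!/bin/sh
# Added example, not part of the original post: emit ipsec.conf stanzas and
# pf.conf pass rules for N IPsec peers, and syntax-check them.
set -eu

LOCAL_NET="192.168.69.0/24"   # home LAN, from the original post
SRCID="A.A.A.A"               # masked public address of this gateway
EXT_IF="em0"

# Constructed peer table, one tunnel per line: remote_net peer psk
PEERS='199.194.199.0/24 B.B.B.B psk-for-B
10.0.0.0/24 C.C.C.C psk-for-C'

# One "ike esp" stanza for one peer.  Every tunnel uses the same keyword;
# only from/to, peer and psk differ, so the proposal lines are fixed here.
ike_rule() {
    remote=$1; peer=$2; psk=$3
    printf 'ike esp from %s to %s peer %s \\\n' "$LOCAL_NET" "$remote" "$peer"
    printf '        main auth hmac-sha1 enc aes-256 group modp1536 \\\n'
    printf '        quick auth hmac-sha1 enc aes-256 \\\n'
    printf '        srcid %s psk "%s"\n' "$SRCID" "$psk"
}

# The inbound pf rules one peer needs: IKE on udp/500 and the ESP payload.
pf_peer_rules() {
    peer=$1
    printf 'pass in on %s inet proto udp from %s to %s port 500\n' "$EXT_IF" "$peer" "$SRCID"
    printf 'pass in on %s inet proto esp from %s to %s\n' "$EXT_IF" "$peer" "$SRCID"
}

# Full ipsec.conf body for every peer in the table.
gen_ipsec_conf() {
    printf '%s\n' "$PEERS" | while read -r remote peer psk; do
        ike_rule "$remote" "$peer" "$psk"
        echo
    done
}

# pf.conf fragment for every peer in the table.
gen_pf_rules() {
    printf '%s\n' "$PEERS" | while read -r remote peer psk; do
        pf_peer_rules "$peer"
    done
}

# Number of tunnels generated; a cheap sanity check against the peer table.
count_ike_rules() {
    gen_ipsec_conf | grep -c '^ike esp '
}

# Parse without loading (-n).  Skips silently where the tools are absent,
# e.g. when run somewhere other than the OpenBSD gateway.
check_configs() {
    tmp=$(umask 077; mktemp)        # file holds PSKs, so create it mode 0600
    gen_ipsec_conf > "$tmp"
    if command -v ipsecctl >/dev/null 2>&1; then ipsecctl -n -f "$tmp"; fi
    if command -v pfctl >/dev/null 2>&1; then pfctl -n -f /etc/pf.conf; fi
    rm -f "$tmp"
}

case "${1:-}" in
    --show) gen_ipsec_conf; echo '# pf.conf fragment'; gen_pf_rules ;;
    check)  check_configs ;;
esac
```

`sh gen-vpn.sh --show` prints both fragments; `sh gen-vpn.sh check` parses them the same way `ipsecctl -f /etc/ipsec.conf` would at boot, without installing any SA. The pf rules mirror the original file (udp/500 plus ESP per peer); if either side ever sits behind NAT, isakmpd switches to NAT-T on udp/4500, which neither the original pf.conf nor this fragment opens.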