OpenBSD 7.1 + OpenVPN + Easy-RSA

uNdEr cOnStRuCtIoN What to tune: At first set EASYRSA to a defined path like set_var EASYRSA “/etc/openvpn/easy-rsa” or you will earn some errors. Then edit the EASYRSA_REQ_* section and add your values. Check the other stuff, tune it if you want. Theres btw no need to change the openssl-easyrsa.cnf and there’s no need (like in […]

OpenBSD | ISAKMPD | x509 certificate authentication

Prepare OpenBSD Prepare the network interfaces. Delete /etc/mygate when using dhcp. Create /etc/sysctl.conf. net.inet.esp.enable=1 # Enable the ESP IPsec protocol net.inet.ah.enable=1 # Enable the AH IPsec protocol net.inet.ip.forwarding=1 # Enable IP forwarding for the host. net.inet.ipcomp.enable=1 # Optional: compress IP datagrams Create /etc/rc.conf.local isakmpd_flags=”” # Avoid keynote(4) policy checking ipsec=YES # Load ipsec.conf(5) rules Some […]