bram@cbbg.nl~$ hexdump cbbg.bin
00 | CA BB A9 E0 00 42 72 61 6D 27 73  Ê»©à.Bram's
0B | 72 65 73 69 64 65 6E 63 65 00 00  residence..
16 | 6F 6E 20 74 68 65 20 77 65 62 2E  on the web.

IPsec

OpenIKED based IPsec VPN tunnel on FreeBSD

This post shows how to set up an IPsec-based VPN tunnel using OpenIKED. Road warrior clients will be placed in their own subnet, 10.0.5.0/24. Authentication between road warriors and the VPN server will be based on certificates. A word of advice for those attempting this journey: IPsec-based VPNs with certificate-based authentication are a messy endeavour. The first messy part is the Internet Key Exchange (IKE): client and server each have their own set of supported algorithms, and during key negotiation a common ground needs to be found between them regarding cipher suites. The second messy part is the certificates; as a random guy on the internet has so nicely phrased it, public key infrastructure (PKI) and X.509 certificates are a wild, wild west.