Basic Setup

This is a 5 minute presentation on howto setup OpenBSD and the Greenbow VPN client for a IPsec VPN from a client to a coorporate network.

Get the Flash Player to see this player.

The Configuration files

rc.conf.local

The following lines are needed in /etc/rc.conf.local

ipsec=YES
isakmpd_flags="-K"

You can then either restart the machine or simply start isakmpd with isakmpd -K.

ipsec.conf

In /etc/ipsec.conf, it's important that all parameters match the settings in your IPsec client. The following is a good starting point:

ike dynamic from any to any \
  main auth  hmac-sha1 enc aes group modp1024 \
  quick auth hmac-sha1 enc aes psk abc123

When picking a pre-shared secret, please use a random password generator such as https://www.grc.com/passwords.htm to generate a pre-shared key to make it secure. After changing configuration, reload the config with ipsecctl -f /etc/ipsec.conf.

You can discuss connecting different clients to OpenBSD in the forum.

If you have gotten value from the information on these pages, please support us by using "Allard" as your referral code when buying The Greenbow VPN client.