# $OpenBSD: iked.conf,v 1.3 2023/03/06 13:57:45 sthen Exp $
#
# See iked.conf(5) for syntax and examples.

# Configure users for the Extensible Authentication Protocol (EAP)
#
# Passwords are stored in this file in clear text: keep the file
# readable by root only (mode 0600) and replace the sample passwords
# below before enabling any user.
#
#user "user1" "password123"
#user "user2" "password456"

# Configuration for clients connecting with EAP authentication
# and sending all traffic over the IKEv2 tunnel.
#
# EAP requires a server certificate; see ikectl(8) for more details
# on generating this with an iked-specific local CA.
# Clients should be set up to verify that certificate, because the
# server is authenticated to them before they send EAP credentials.
#
#ikev2 "eapclient" passive esp \
#	from any to dynamic \
#	local any peer any \
#	eap "mschap-v2" \
#	config address 10.2.0.0/24 \
#	config name-server 10.1.0.2 \
#	tag "$name-$id"

# Configuration for a client authenticating with a pre-shared key,
# mostly useful for LAN-to-LAN tunnels between static IP endpoints.
#
# For iked->iked tunnels you can use a simpler config based on public
# keys instead - omit psk and copy /etc/iked/local.pub from each side to
# /etc/iked/pubkeys/ipv4/<address> on the other.
#
# The psk below is a placeholder: replace it with a long, randomly
# generated value that is used only for this pair of peers.
#
#ikev2 esp \
#	from 10.3.0.0/24 to 10.1.0.0/24 \
#	from 10.5.0.0/24 to 10.1.0.0/24 \
#	from 10.5.0.0/24 to 172.16.1.0/24 \
#	local 192.168.1.1 peer 192.168.2.1 \
#	psk "tyBNv13zuo3rg1WVXlaI1g1tTYNzwk962mMUYIvaLh2x8vvvyA-replace-me"