Building an IKEv2 road warrior VPN for iOS 9 with OpenBSD and DNSCrypt

This tutorial shows how to configure an IKEv2 road warrior VPN between an iOS 9 device (iPhone) and an OpenBSD gateway, with the gateway also acting as a DNS cache that forwards every query over DNSCrypt.


# cat /etc/iked.conf

ikev2 "ios9" passive esp from to \
 local peer any \
 ikesa enc aes-256 auth hmac-sha2-256 group modp2048 \
 childsa enc aes-256 auth hmac-sha2-256 group modp2048 \
 psk "YOURPSK" config address \
 config name-server config access-server
# chmod 600 /etc/iked.conf
# rcctl enable iked
# echo 'inet' > /etc/hostname.vether0
# sh /etc/netstart vether0
  • is the gateway's external IP address.
  • Replace YOURPSK with a long random secret that is also entered on the phone. iked.conf holds that secret in clear text, which is why the file is made readable by root only (mode 600) rather than left with the default permissions.

Let's configure unbound as a DNS cache for the VPN clients that forwards all requests to dnscrypt-proxy.

# rcctl enable unbound
# vi /var/unbound/etc/unbound.conf

Something like this should work for most setups:

server:
	access-control: allow
	do-not-query-localhost: no
	hide-identity: yes
	hide-version: yes

forward-zone:
	name: "."

Only the VPN address pool belongs in access-control; anything wider turns the gateway into an open resolver. By default unbound answers on 127.0.0.1 only, so it also needs an interface: line for the address the phones receive as name-server. do-not-query-localhost: no is required because the forwarder (dnscrypt-proxy) listens on 127.0.0.1, which unbound otherwise refuses to query. The forward-zone for "." needs a forward-addr pointing at the address and port dnscrypt-proxy is started with (the -a flag below), so that every query leaves the box encrypted.
# export PKG_PATH=
# pkg_add dnscrypt-proxy
# rcctl enable dnscrypt_proxy
# rcctl set dnscrypt_proxy flags -E -m 1 -R cisco -a
  • Replace cisco with an upstream resolver of your choice; the package ships the list of servers as /usr/local/share/dnscrypt-proxy/dnscrypt-resolvers.csv.
  • -E uses a fresh ephemeral client key pair for every query, so the upstream resolver cannot link queries by client key; -m 1 sets the log level; -R selects the resolver entry by name; -a is the local address and port to listen on, which is where unbound's forward-addr must point.
  • rcctl enable only arranges startup at boot. Once the flags are set, start the chain now with rcctl start dnscrypt_proxy, rcctl start unbound and rcctl start iked.
