Howdy,
In this tutorial, I hope to help you configure an IKEv2 VPN between iOS 9 (iPhone) and OpenBSD.
OpenBSD-59-amd64
# cat /etc/iked.conf
ikev2 "ios9" passive esp from 0.0.0.0/0 to 192.168.1.0/24 \
    local 7.7.7.7 peer any \
    ikesa enc aes-256 auth hmac-sha2-256 group modp2048 \
    childsa enc aes-256 auth hmac-sha2-256 group modp2048 \
    psk "YOURPSK" config address 192.168.1.0/24 \
    config name-server 192.168.1.1 config access-server 192.168.1.1

# chmod 700 /etc/iked.conf
# rcctl enable iked
# echo 'inet 192.168.1.1 255.255.255.0 192.168.1.255' > /etc/hostname.vether0
# sh /etc/netstart vether0
- 7.7.7.7 is the external IP address of the OpenBSD host.
Let's configure unbound as a DNS cache that forwards requests to dnscrypt-proxy.
# rcctl enable unbound
# vi /var/unbound/etc/unbound.conf
Something like this should work for most setups:
server:
    interface: 192.168.1.1
    interface: 127.0.0.1
    access-control: 192.168.1.0/24 allow
    do-not-query-localhost: no
    hide-identity: yes
    hide-version: yes

forward-zone:
    name: "."
    forward-addr: 127.0.0.1@40

# export PKG_PATH=http://ftp.openbsd.org/pub/OpenBSD/5.9/packages/amd64
# pkg_add dnscrypt-proxy
# rcctl enable dnscrypt_proxy
# rcctl set dnscrypt_proxy flags -E -m 1 -R cisco -a 127.0.0.1:40
- Replace cisco with an upstream resolver of your choice. The package includes a list of servers in the /usr/local/share/dnscrypt-proxy/dnscrypt-resolvers.csv file.
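
The setup above only works if the pieces agree with each other: the port in unbound's forward-addr must be the one dnscrypt-proxy listens on, and the placeholder PSK must be replaced. The script below is an added example, not part of the original tutorial or of any of these packages; the function names and the 20-character PSK threshold are this example's own assumptions.

```sh
#!/bin/sh
# Added example: consistency checks for the three pieces configured above.

# Port unbound forwards to: "forward-addr: 127.0.0.1@40" -> 40
unbound_forward_port() {
    sed -n 's/^[[:space:]]*forward-addr:[[:space:]]*[0-9.]*@\([0-9][0-9]*\).*/\1/p' "$1" | head -n 1
}

# Port dnscrypt-proxy listens on: "... -a 127.0.0.1:40" -> 40
dnscrypt_listen_port() {
    printf '%s\n' "$1" | sed -n 's/.*-a[[:space:]]*[0-9.]*:\([0-9][0-9]*\).*/\1/p'
}

# Pre-shared key from the iked.conf rule: psk "..."
iked_psk() {
    sed -n 's/.*psk[[:space:]]*"\([^"]*\)".*/\1/p' "$1" | head -n 1
}

# Prints one line per problem; returns 0 only when every check passes.
audit_vpn() {   # $1=iked.conf  $2=unbound.conf  $3=dnscrypt-proxy flags
    rc=0
    psk=$(iked_psk "$1")
    if [ -z "$psk" ] || [ "$psk" = "YOURPSK" ]; then
        echo "iked: psk missing or still the placeholder"; rc=1
    elif [ "${#psk}" -lt 20 ]; then   # threshold chosen for this example
        echo "iked: psk shorter than 20 characters"; rc=1
    fi
    # Characters 5-10 of "ls -l" are the group and other permission bits.
    if [ "$(ls -ld "$1" | cut -c5-10)" != "------" ]; then
        echo "iked: $1 is accessible to group or others"; rc=1
    fi
    fwd=$(unbound_forward_port "$2")
    lsn=$(dnscrypt_listen_port "$3")
    if [ -z "$fwd" ] || [ "$fwd" != "$lsn" ]; then
        echo "dns: unbound forwards to port '$fwd', dnscrypt-proxy listens on '$lsn'"; rc=1
    fi
    # By default unbound will not send queries to 127.0.0.1.
    if ! grep -q '^[[:space:]]*do-not-query-localhost:[[:space:]]*no' "$2"; then
        echo "dns: do-not-query-localhost is not 'no'"; rc=1
    fi
    return $rc
}

# Usage: sh audit.sh /etc/iked.conf /var/unbound/etc/unbound.conf "-E -m 1 -R cisco -a 127.0.0.1:40"
if [ "$#" -eq 3 ]; then audit_vpn "$@"; fi
```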