On Thu, Nov 24, 2022 at 06:51:40PM +0300, Aleksandr Mikhaylov wrote:
> Tobias Heider wrote:
> > On Thu, Nov 24, 2022 at 05:50:57PM +0300, Aleksandr Mikhaylov wrote:
> > > Tobias Heider wrote:
> > > > On Thu, Nov 24, 2022 at 12:45:03PM +0300, Aleksandr Mikhaylov wrote:
> > > > > Hi. Please tell me how to connect to an OpenBSD 7.2 Release
> > > > > from an OpenBSD 7.2 Release client via iked.
> > > > > ....
> > > > 
> > > > Hi,
> > > > 
> > > > your configs look ok.  The server log shows the handshake is completed
> > > > and an IKE_AUTH reply is sent to the client, but on the client side this
> > > > message never arrives. This is why it keeps on resending the AUTH
> > > > request until it times out.
> > > > 
> > > > It is not clear whether the reply is lost in transit or discarded by
> > > > your client.  You could try looking at a tcpdump of your handshake or
> > > > enable verbose logging in iked on your client and see if you can find
> > > > anything suspicious after "send IKE_AUTH req 1 ...".
> > > > 
> > > > - Tobias
> > > 
> > > And on which ports should the connection come to the laptop? It has pf
> > > configured on it and is behind NAT
> > 
> > Probably the one with your default route. Try 'route get bsd.server.vds'.
> 
> I mean tcp/udp port
> 

That would be udp 4500 because it is using udpencap for NAT traversal as we
can see in your log:

send IKE_AUTH res 1 peer W.X.Y.Z:4500 local A.B.C.D:4500 ...

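Added example, not part of the thread and not iked's own code: a small parser for client-side iked log output that finds requests which were resent without a matching response, the symptom described above, and reports the UDP port the missing reply should arrive on. The log lines are constructed; the "send" shape follows the line quoted in the thread, and the "recv" shape is an assumption that mirrors it.

```python
import re
from collections import defaultdict

# Constructed client-side log lines (documentation addresses, not from the thread).
# Assumption: "recv" lines have the same layout as the "send" line quoted above.
SAMPLE_LOG = """\
spi=0x1111: send IKE_SA_INIT req 0 peer 203.0.113.10:500 local 192.0.2.20:500, 518 bytes
spi=0x1111: recv IKE_SA_INIT res 0 peer 203.0.113.10:500 local 192.0.2.20:500, 255 bytes
spi=0x1111: send IKE_AUTH req 1 peer 203.0.113.10:4500 local 192.0.2.20:4500, 1040 bytes, NAT-T
spi=0x1111: send IKE_AUTH req 1 peer 203.0.113.10:4500 local 192.0.2.20:4500, 1040 bytes, NAT-T
spi=0x1111: send IKE_AUTH req 1 peer 203.0.113.10:4500 local 192.0.2.20:4500, 1040 bytes, NAT-T
"""

LINE = re.compile(
    r"(?P<dir>send|recv) (?P<exch>[A-Z_]+) (?P<kind>req|res) (?P<msgid>\d+) "
    r"peer (?P<peer>\S+):(?P<pport>\d+) local (?P<local>\S+):(?P<lport>\d+)"
)

def unanswered_requests(log_text):
    """Return every request that was sent but never got a response, with its send count."""
    sent = defaultdict(lambda: {"count": 0})
    answered = set()
    for line in log_text.splitlines():
        m = LINE.search(line)
        if not m:
            continue  # not an IKE message line
        key = (m["exch"], int(m["msgid"]))
        if m["dir"] == "send" and m["kind"] == "req":
            sent[key]["count"] += 1
            sent[key].update(peer=m["peer"], peer_port=int(m["pport"]),
                             local_port=int(m["lport"]))
        elif m["dir"] == "recv" and m["kind"] == "res":
            answered.add(key)
    return [dict(exchange=k[0], msgid=k[1], **v)
            for k, v in sent.items() if k not in answered]

if __name__ == "__main__":
    for r in unanswered_requests(SAMPLE_LOG):
        print(f"{r['exchange']} req {r['msgid']} sent {r['count']}x, no reply from "
              f"{r['peer']}: check pf/NAT for udp port {r['local_port']}")
```

A local port of 4500 in the result means the exchange has already switched to UDP encapsulation, so that is the port to watch in tcpdump and to allow in pf.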