ipsec.conf for OpenBSD IPsec Tunnel to AWS

ike esp from {<localLAN1>, <localLAN2>, <localLAN3>} to <remoteLAN> \
peer <remoteVPNGateway> \
main auth <authType> enc <encType> group <Group> lifetime <time> \
quick auth <authType> enc <encType> group <Group> lifetime <time> \
srcid <localVPNGateway> \
psk "<psk>"

Example (the 0.0.0.0 addresses are placeholders; substitute your real networks and gateway addresses):

ike esp from {0.0.0.0/0, 0.0.0.0/0, 0.0.0.0/0} to 0.0.0.0/0 \
        peer 0.0.0.0 \
        main auth hmac-sha1 enc aes-128 group modp1024 lifetime 28800 \
        quick auth hmac-sha1 enc aes-128 group modp1024 lifetime 3600 \
        srcid 0.0.0.0 \
        psk "as;dlkfj;laksdjf;laskdjfa;slkdjf;alskdfjl;sadkfj"

Important Notes:

  • Spacing, commas and braces on the first line (ike esp …) matter: keep the braces around the local network list and the comma-separated entries exactly as shown, and keep a space before every trailing backslash, or the file will not parse.
  • srcid is NOT quoted. It can be a virtual IP (for example a shared address on a redundant pair); it must be the address AWS has on file for the customer gateway, since that is the identity the AWS side expects.
  • The psk IS quoted, which is why characters such as ; are safe inside it.
  • hmac-sha1, aes-128 and modp1024 (DH group 2, 1024-bit) with lifetimes of 28800/3600 seconds match the AWS Phase 1/Phase 2 defaults, but modp1024 and SHA-1 are weak by current standards. If the tunnel options on the AWS side allow it, prefer modp2048 or larger, hmac-sha2-256 and aes-256, and set both ends to the same proposals.
  • The file contains the pre-shared key, so make it readable by root only (chmod 600 /etc/ipsec.conf). Parse it before loading with ipsecctl -n -f /etc/ipsec.conf to catch syntax errors.
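The following is an added example and not part of the original notes: a small POSIX sh helper that renders the stanza above from parameters (building the brace list and quoting the psk correctly) and lints the result for the pitfalls the notes describe, a quoted srcid, a malformed first line, weak DH group or hash, and a key file readable by other users. The address ranges in the usage note are RFC 5737 documentation addresses chosen for illustration, and the stronger default proposals (hmac-sha2-256, aes-256, modp2048) are an assumption that must be confirmed against the tunnel options AWS shows for your VPN connection.

```shell
#!/bin/sh
# Added example, not from the original page. Renders an ipsec.conf stanza for an
# AWS tunnel and lints it. Assumed defaults below: hmac-sha2-256 / aes-256 /
# modp2048 for both phases; override with P1_*/P2_* variables to match AWS.

# render_tunnel "<localLAN1> <localLAN2> ..." <remoteLAN> <remoteVPNGateway> <localVPNGateway> <psk>
# Note: the psk is passed as an argument here for simplicity; on a shared host
# argv is visible in ps, so read it from a root-only file in production.
render_tunnel() {
    remote_net=$2 peer=$3 srcid=$4 psk=$5
    # Build the brace list "{a, b, c}" from the space-separated first argument.
    set -- $1
    list=$1
    shift
    for n in "$@"; do list="$list, $n"; done
    printf 'ike esp from {%s} to %s \\\n' "$list" "$remote_net"
    printf '\tpeer %s \\\n' "$peer"
    printf '\tmain auth %s enc %s group %s lifetime %s \\\n' \
        "${P1_AUTH:-hmac-sha2-256}" "${P1_ENC:-aes-256}" "${P1_GROUP:-modp2048}" "${P1_LIFETIME:-28800}"
    printf '\tquick auth %s enc %s group %s lifetime %s \\\n' \
        "${P2_AUTH:-hmac-sha2-256}" "${P2_ENC:-aes-256}" "${P2_GROUP:-modp2048}" "${P2_LIFETIME:-3600}"
    printf '\tsrcid %s \\\n' "$srcid"      # unquoted, as the notes require
    printf '\tpsk "%s"\n' "$psk"           # quoted, so ';' and spaces survive
}

# lint_tunnel <file>: prints findings; returns 0 when clean, 1 otherwise.
lint_tunnel() {
    f=$1 rc=0
    if grep -q 'modp1024' "$f"; then
        echo "WARN: modp1024 (DH group 2) is 1024-bit; prefer modp2048 or larger if AWS tunnel options allow"
        rc=1
    fi
    if grep -Eq 'auth hmac-(md5|sha1)' "$f"; then
        echo "WARN: hmac-md5/hmac-sha1 in use; prefer hmac-sha2-256 or better"
        rc=1
    fi
    if grep -Eq 'srcid[[:space:]]+"' "$f"; then
        echo "ERROR: srcid must not be quoted"
        rc=1
    fi
    if ! grep -Eq '^ike esp from \{[^}]+\} to [^ ]+ \\$' "$f"; then
        echo "ERROR: first line does not match 'ike esp from {...} to ... \\'"
        rc=1
    fi
    # The file holds the pre-shared key: group/other bits (ls -l columns 5-10) must all be '-'.
    case $(ls -l "$f" | cut -c5-10) in
        ------) ;;
        *) echo "WARN: $f is readable by group or others; chmod 600 it"; rc=1 ;;
    esac
    return $rc
}
```

Usage, with documentation addresses standing in for real ones: `render_tunnel "192.0.2.0/24 198.51.100.0/24" 10.0.0.0/16 203.0.113.10 203.0.113.20 'your-psk' > /etc/ipsec.conf`, then `chmod 600 /etc/ipsec.conf && lint_tunnel /etc/ipsec.conf && ipsecctl -n -f /etc/ipsec.conf` before loading it for real. Setting `P1_GROUP=modp1024 P1_AUTH=hmac-sha1` reproduces the page's example proposals and makes the linter report them.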