
All times are UTC - 6 hours




 Post subject: UMR VPN in OpenBSD
PostPosted: Wed 10-17-2007 9:28PM 

Joined: Wed 02-20-2002 11:27PM
Posts: 867
Location: No one's really sure what became of Castorite after graduation

Source: Off Campus
Taking a cue from the Linux thread, I'll write this. Here's hoping I can post without a VPN connection before getting cockblocked.

I don't suppose anyone's got a good OpenBSD ipsecctl configuration kicking around somewhere?

This shoddy hack doesn't seem to do much at all:
Code:
# ipsec.conf(5) ike rule: have isakmpd negotiate an ESP tunnel from the
# home LAN to the campus range, authenticating with a pre-shared key
ike dynamic esp \
  from 192.168.0.0/24 to 131.151.0.0/16 \
  peer vpn.umr.edu \
  psk UMRIPSec
Now, I don't have any user/pass info in there, so that's a known. The deal is, I'm not seeing any "hey idiot, enable the foobaz-5 crypto module" messages coming back at me, just isakmpd dumping this:
Code:
204732.665243 Default message_validate_notify: protocol not supported
As I understand it, any unnamed options are supposed to default to "sane" values, so I'm missing something else important or the Cisco is doing something wonky. A cursory browse of the guides I'm seeing out there on the web shows they are either far out of date or use some way overcomplicated setup. I haven't really dug into this yet and I'm hoping someone will have a good configuration so I won't have to. This trainwreck of standards makes me yearn for the bygone days of SSH tunnels.


I almost had the vpnc package running. Very simple to configure and run the client itself--I was impressed. However, attempting to fix the helper vpnc-script and coming up with correct routing tables plus pf filtering rules got me pretty close to putting a fork in my eyeball. Not recommended for mass consumption.

For what it's worth, here's a few strings from a vpnc session:
Code:
IKE SA selected psk+xauth-3des-md5
peer is using type 130 for NAT-Discovery payloads
NAT status: NAT-T VID seen, no NAT device detected
got 4 acls for split include
acl 0: addr: 131.151.0.0/255.255.0.0 (16), protocol: 0, sport: 0, dport: 0
acl 1: addr: 192.65.97.0/255.255.255.0 (24), protocol: 0, sport: 0, dport: 0
acl 2: addr: 10.20.0.0/255.255.255.224 (27), protocol: 0, sport: 0, dport: 0
acl 3: addr: 10.22.0.0/255.255.0.0 (16), protocol: 0, sport: 0, dport: 0
Cisco Systems, Inc./VPN 3000 Concentrator Version 4.7.2.K
IPSEC SA selected 3des-md5


I wish IT would be more forthcoming with this sort of information on their website.
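The vpnc log above shows the concentrator negotiating psk+xauth, and ipsec.conf(5) ike rules have no keyword for the XAUTH user/password stage, so the vpnc route is the practical one; the painful part of it is the helper script. Here is an added example, not code from the original post or from the vpnc project, of the routing and pf half of a vpnc-script replacement for OpenBSD. It relies on the variables vpnc(8) exports to its helper (CISCO_SPLIT_INC, CISCO_SPLIT_INC_<n>_ADDR and _MASKLEN, INTERNAL_IP4_ADDRESS, TUNDEV, reason). Two things are assumptions rather than facts from the thread: that the tun device has already been brought up point-to-point on INTERNAL_IP4_ADDRESS, so that address can serve as the gateway for the split-include routes, and that pf.conf carries an `anchor "vpnc"` line for the generated rules to land in. The script only prints the route(8) and pfctl(8) commands it would run, so they can be inspected before being piped to sh.

```shell
#!/bin/sh
# Added example, not code from the original post or from vpnc itself:
# the routing and pf part of a vpnc-script replacement for OpenBSD.
# vpnc(8) runs its helper with the concentrator's split-include ACLs in
# CISCO_SPLIT_INC (count), CISCO_SPLIT_INC_<n>_ADDR / _MASKLEN, plus
# INTERNAL_IP4_ADDRESS, TUNDEV and reason (pre-init|connect|disconnect).
# Assumed (not from the thread): $TUNDEV was configured point-to-point on
# $INTERNAL_IP4_ADDRESS, so that address works as the route gateway, and
# pf.conf has an 'anchor "vpnc"' line. Everything here only PRINTS the
# commands, so the output can be reviewed and then piped to sh.

# ip2int: dotted quad -> unsigned 32-bit integer on stdout
ip2int() {
    IFS=. read -r a b c d <<EOF
$1
EOF
    printf '%d\n' $(( (a << 24) | (b << 16) | (c << 8) | d ))
}

# valid_net NET LEN: succeed only if NET/LEN is a proper network address
# (LEN in 0..32 and no host bits set); route(8) rejects anything else.
valid_net() {
    len=$2
    [ "$len" -ge 0 ] && [ "$len" -le 32 ] || return 1
    addr=$(ip2int "$1")
    mask=$(( (4294967295 << (32 - len)) & 4294967295 ))
    [ $(( addr & ~mask & 4294967295 )) -eq 0 ]
}

# for_each_acl CALLBACK: run CALLBACK NET LEN for every split-include ACL
# that passes valid_net; malformed ACLs are reported on stderr and skipped.
for_each_acl() {
    i=0
    while [ "$i" -lt "${CISCO_SPLIT_INC:-0}" ]; do
        eval "net=\${CISCO_SPLIT_INC_${i}_ADDR}"
        eval "len=\${CISCO_SPLIT_INC_${i}_MASKLEN}"
        if valid_net "$net" "$len"; then
            "$1" "$net" "$len"
        else
            printf 'acl %s: %s/%s is not a network, skipping\n' "$i" "$net" "$len" >&2
        fi
        i=$((i + 1))
    done
}

route_add()    { printf 'route -n add -net %s/%s %s\n' "$1" "$2" "$INTERNAL_IP4_ADDRESS"; }
route_delete() { printf 'route -n delete -net %s/%s %s\n' "$1" "$2" "$INTERNAL_IP4_ADDRESS"; }
pf_pass()      { printf 'pass out on %s inet from %s to %s/%s keep state\n' \
                     "$TUNDEV" "$INTERNAL_IP4_ADDRESS" "$1" "$2"; }

# emit_split_routes add|delete: route(8) commands for the split-include nets
emit_split_routes() { for_each_acl "route_$1"; }

# emit_pf_rules: anchor ruleset that lets only traffic to the split-include
# networks leave over the tunnel and admits nothing unsolicited from it
emit_pf_rules() {
    printf 'block drop in on %s\n' "$TUNDEV"
    for_each_acl pf_pass
}

# vpnc_hook: one shell script per phase on stdout, ready for "| sh"
vpnc_hook() {
    case "${reason:-}" in
        pre-init) : ;;
        connect)
            emit_split_routes add
            printf "pfctl -a vpnc -f - <<'EOF'\n"
            emit_pf_rules
            printf 'EOF\n'
            ;;
        disconnect)
            emit_split_routes delete
            printf 'pfctl -a vpnc -F rules\n'
            ;;
        *) printf 'unknown reason: %s\n' "${reason:-}" >&2; return 1 ;;
    esac
}

# Act as the hook when vpnc invokes us; when sourced, only define functions.
case "${reason:-}" in
    pre-init|connect|disconnect) vpnc_hook ;;
esac
```

To try it outside vpnc, set reason=connect and the CISCO_SPLIT_INC_* variables in the environment by hand and read the printed commands; once they look right, point vpnc's --script at it (with the printed commands piped to sh). The valid_net check matters because a concentrator-supplied ACL with host bits set would otherwise turn into a route add that fails halfway through the list.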


PostPosted: Wed 10-17-2007 10:11PM 

Joined: Wed 08-21-2002 10:10AM
Posts: 1898
Location: A-Frames bitches!

Source: Fidelity
If this helps at all, the vpnc for FreeBSD (/usr/ports/security/vpnc) works just as seamlessly as the Linux build. If I were you, I would look at the vpnc-script for FreeBSD, since OpenBSD is *close* (similar ifconfig, pf rules, etc.). I do remember at one time using an older release for Linux and having the same hair-pulling experience getting my route tables set and working >.<.

_________________
KOK - 011, Pullin rank on bitches since 2005

