  2. 2
    ```
    main auth "hmac-sha1" enc "aes" group modp1024
    quick auth "hmac-sha1" enc "aes" group modp1024
    ```

    sha1 and modp1024 seem somewhat obsolete…

    1. 1

      I’d be wary of using L2TP/IPSEC with usernames and passwords. While main mode is better than aggressive mode, it would be better (and not a huge amount more effort) to use certificate auth.

      1. 1

        This server config should also work with Android clients.

        1. 1

          Is there a silver bullet VPN config on OpenBSD that works for iOS, Android, macOS/OS X and Windows 7-10?

          1. 1

            I’ve been running RRAS' (yes, the Windows VPN server) IKEv2 server. The setup for OpenIKED is a lot simpler than this. (I myself never bothered because I got tripped up on a line in the conf file and I already had a running domain…