main auth "hmac-sha1" enc "aes" group modp1024
quick auth "hmac-sha1" enc "aes" group modp1024
sha1 and modp1024 seem somewhat obsolete…
I’d be wary of using L2TP/IPSEC with username and passwords. While main mode is better than aggressive mode, it would be better (and not a huge amount more effort) to use certificate auth.
This server config should also work with Android clients.
Is there a silver bullet VPN config on OpenBSD that works for iOS, Android, macOS/OS X and Windows 7-10?
I’ve been running RRAS' (yes, the Windows VPN server) IKEv2 server. The setup for OpenIKED is a lot simpler than this. (I myself never bothered because I got tripped up on a line in the conf file and I already had a running domain…