Hello! OpenBSD 6.1 installed from image and runs fine. Openiked is in passive mode, peer is also passive. When receiving SADB_AQUIRE from kernel, no matching flow was found due to a coding fault: flow direction is not initialized in create_ike of parse.y. As a result of this, no matching flow is found and tunnel is not established upon acquire.If the flow direction is set to out when parsing the configuration, the acquire triggers immediate negotiation correctly, and the tunnel is established.Note, that theoretically the same problem could happen in active mode, if acquire is received after an unanswered IKE_SA_INIT exchange (peer is temporarily down).
Thank you! Agoston
