On Thu, Mar 21, 2019 at 8:05 AM Otto Moerbeek <[email protected]> wrote: > > > > There's a diff on tech@ fixing this (and a few other things). > > > > -Otto > > In the meantime a fix has been committed that wil be included in the > upcoming 6.5 release. > > -Otto
Thanks, I've verified that both versions (the larger proposed diff and the smaller just-committed one) do fix the parser bug. Also thanks to that discussion thread, I learned to NOT include the local machine in the peer list, at least until that larger diff lands. The proposed version does print "skip local peer" if I do include it, so that part seems to be working, at least for IPv4. Now to figure out why my ipsec flows aren't activating -- sasyncd notifies iked, which prints "config_getmode: mode passive -> active" but nothing happens. iked worked fine in active mode before I introduced sasyncd into the equation; that's beyond the scope of this bug though... -Andrew
