I had a very similar problem with the kernel panic.
I had the following iked.conf:
```
ikev2 "ike-2021-07-02" passive esp \
        from any to 10.0.3.0/24 \
        local egress peer any \
        eap "mschap-v2" \
        config address 10.0.3.2 \
        config name-server 8.8.8.8 \
        tag "ROADW" \
        tap "enc1"
```
the following in /etc/hostname.enc1:
```
inet 10.0.3.1 255.255.255.0
#!ifconfig enc1 mtu 1380
```
and the following in pf.conf:
```
pass in quick on egress proto udp from any to (egress:network) port {isakmp, ipsec-nat-t} keep state tag IKED
pass in quick on egress proto esp from any to (egress:network) tag IKED
pass log on enc1 tagged ROADW keep state
```
and routing would look like:
```
10.0.3/24          10.0.3.1           UGS        1    77304 32768     8 enc1
10.0.3.1           10.0.3.1           UHhl       1       10 32768     1 enc1
```
This all seemed to make sense: the interface "enc1" is the one connected
to the "Virtual Network".
Now I have to change enc1 to lo1, but how do I tell the ipsec
subsystem that "lo1" is connected to the "Virtual Network"? (i.e.
that the packets sent by the peer should appear to have arrived on lo1,
not some other interface)
Shall I have
```
tap "enc1"
iface "lo1"
```
?
But man iked.conf only mentions "requested" addresses with respect to
the iface option.