...gives me some headache...

system1: (OpenBSD 4.9)
  em0 192.168.1.54 (same /24 subnet as system2)
  /etc/isakmpd/isakmpd.conf:
    Listen-on= 192.168.1.54
  isakmpd -K

system2: (OpenBSD 4.9)
  em0 192.168.1.200 (same /24 subnet as system1)
  /etc/isakmpd/isakmpd.conf:
    Listen-on= 192.168.1.200
  isakmpd -K

As long as em0 on system2 is in rdomain 0 (zero) everything seems fine, and using tcpdump I can see bi-directional traffic on UDP/500.

As soon as I put em0 on system2 into rdomain 1 using 'ifconfig em0 192.168.1.200 rdomain 1' my headache starts...

- I can check routing for domain 1 using 'netstat -rn -T1'.
- I can ping 192.168.1.200 using 'ping -V1 192.168.1.200'.
- *But* I no longer see em0 in 'netstat -an -f inet', so I am not able to see if the listener for UDP/500 started on the em0 interface (only interfaces in rdomain 0 (zero) are displayed).
- Bi-directional traffic for port UDP/500 stops.

Anybody having experience in terminating an IPSEC tunnel in a routing domain? (virtual firewall setup)

Maybe I should try GRE with IPSEC on top of that...(?)

Thank you
/pat
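The check the post is missing, whether an IKE listener is actually bound on the address that was moved into the other rdomain, can be scripted over netstat output. The following is an added example, not code from the original post or from OpenBSD: it filters the UDP sockets bound to the IKE ports (500 and 4500) out of `netstat -an -f inet` output and reports whether one is bound to a given address. The netstat output it parses is a constructed sample in the format OpenBSD prints; the assumption is that on the real system the output would be produced with `route -T 1 exec netstat -an -f inet` so that the sockets of rdomain 1 are listed.

```shell
#!/bin/sh
# Added example, not from the original post or from OpenBSD.
# Assumption: on the real system the input comes from
#   route -T 1 exec netstat -an -f inet
# so that the sockets belonging to rdomain 1 are shown.

# Constructed sample of `netstat -an -f inet` output (not captured from a
# real system); one IKE listener is bound to 192.168.1.200, none to .54.
SAMPLE_NETSTAT='Active Internet connections (including servers)
Proto   Recv-Q Send-Q  Local Address          Foreign Address        (state)
tcp          0      0  192.168.1.200.22       192.168.1.54.40112     ESTABLISHED
tcp          0      0  *.22                   *.*                    LISTEN
udp          0      0  192.168.1.200.500      *.*
udp          0      0  192.168.1.200.4500     *.*
udp          0      0  *.514                  *.*'

# Print "udp <local address>" for every UDP socket bound to port 500 or
# 4500 (IKE and NAT-T).  $1 is the netstat output to scan.
ike_udp_sockets() {
    printf '%s\n' "$1" | awk '$1 == "udp" && $4 ~ /\.(500|4500)$/ { print $1, $4 }'
}

# Exit 0 if an IKE (UDP/500) socket is bound to address $1 in the netstat
# output $2, 1 otherwise.  -F -x matches the whole line as a fixed string,
# so the dots in the address are not treated as regex wildcards.
has_ike_listener() {
    ike_udp_sockets "$2" | grep -q -F -x "udp $1.500"
}

# Stand-alone run against the constructed sample.
if has_ike_listener 192.168.1.200 "$SAMPLE_NETSTAT"; then
    echo "IKE listener bound on 192.168.1.200"
else
    echo "no IKE listener bound on 192.168.1.200"
fi
```

On a live system replace `SAMPLE_NETSTAT` with the captured netstat output for the rdomain in question; if the listener is absent there while the interface answers ping in that rdomain, the daemon was started in a different routing domain than the interface it is meant to listen on.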

