On 10/19/2012 1:16 AM, Jim Miller wrote:
> Two-part question:
>
> 1. Anyone had any success getting iked and carp working on OpenBSD 5.1
> (amd64)? We can get it working with isakmpd. The issue seems to be
> that iked wants to send out packets as the physical interface IP instead
> of the carp IP. iked documentation alludes to the fact that it should work.

In my experience under 5.1 isakmpd wants to use the IP from the real physical interface instead of the virtual carp interface too, so I have to use the "local x.x.x.x" command in ipsec.conf, where x.x.x.x = my carp IP -- this forces it onto the carp IP and all is well.

iked.conf(5) has a similar "local" command. Does it not work?

And keep in mind the caveat:

"iked is not yet finished and is missing some important security features.
  It should not yet be used in production networks." -- iked(8)
