On Sun, Oct 28, 2012 at 7:49 AM, Erwin Schliske <[email protected]> wrote:
>>> But now I have figured out what I have to change to bring up the tunnels
>>> after loading the config with ipsecctl.
>>>
>>> I have to disable sasyncd, which if enabled causes to start isakmpd with
>>> parameter S. If isakmpd starts without this parameter the tunnels come up
>>> and work smoothly.
>>>
>>> So the question. Is this a known behaviour, that isakmpd switches to passive
>>> if sasyncd is enabled? Or is this a bug?
>>
>> I have seen this before. In my experience, in the end the -S parameter
>> works, but it might take a while before isakmpd realises it is running
>> on the master. Never have figured out why it takes long some of the
>> time.
>
> That would be good enough. But on my gateway the tunnel never comes up.
>
> Erwin
>

Hi,

Do you happen to have addresses on the interface below carp? In case you do,
you should instruct isakmpd to use the carp address by adding the following
lines to /etc/isakmpd/isakmpd.conf:

[General]
Listen-on=<CARP-IP-ADDRESS>

Make sure to set the local address in the ike rules in ipsec.conf as well.

Hope this helps.

Cheers,
Mike
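
The two settings described in the reply above, side by side, as an added example that is not part of the original thread. All addresses and networks are placeholders from documentation ranges (192.0.2.10 stands in for the shared carp address, 198.51.100.20 for the remote gateway).

```conf
# /etc/isakmpd/isakmpd.conf
# Bind isakmpd to the shared carp(4) address only (placeholder value),
# rather than to every address on the underlying physical interface.
[General]
Listen-on=192.0.2.10

# /etc/ipsec.conf
# "local" sets the local IKE endpoint to the same carp address, so the
# rule matches the address isakmpd is listening on. Networks and peer
# are placeholders.
ike esp from 10.1.0.0/24 to 10.2.0.0/24 \
	local 192.0.2.10 peer 198.51.100.20
```

Both gateways in the carp pair would carry the same two settings, since the carp address moves to whichever node is master.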

