I was wondering if anyone knew of the current state of iked/carp/sasync. I saw the discussion in October of 2012 on this list, in which Reyk indicates that it is still under development. I don't know who is responsible for iked/ikectl/sasync code currently, but we would like to move from isakmpd to iked and could discuss sponsoring some work to help flesh out these features. Our isakmpd has everything needed, but we still are working around a bug with sasync and would prefer ikev2.

Issues I am looking for information on are:

- Carp interface (reported previously as not being honored, so a known issue)
- sasync (I haven't tested, but expect phase1 bug I found under isakmpd might affect iked?)
- any issues due to the "not production ready" warning at the bottom of iked man page?
- ability to add/remove tunnels without taking all existing tunnels down through ikectl

For the last point, I can currently accomplish this with isakmpd.fifo. It allows both reloading the configuration file, and provides commands to tear down and create tunnels. I see that ikectl has a reload command, which would reread the configuration file. I don't see any way of tearing down one tunnel, or creating one association. There is "reset sa" but that would break all running tunnels. Is there a way to emulate the ability of isakmpd.fifo to tear down a specific tunnel? The commands to the isakmpd.fifo that I am looking to emulate would be the "c" and "t" fifo options.

Thank you,
Brian