On 2016-03-29, Bornkessel, Bernd <[email protected]> wrote: > Unfortunately, although the log states that it uses the virtual carp > ip as source ip address, the ip of the corresponding node dedicated > interface is being used instead.
iked generates some packets before binding, so they have whatever source address is on the interface that holds the outgoing route to the destination. Fixing this will either need what looks like fairly major work on iked, or support for IP_SENDSRCADDR. This type of setup does work with isakmpd.
