Thank you for the response. Yes - I've also considered switching back to isakmpd, which has been working very well in the past.
----- Original Message ----- > From: "Stuart Henderson" <[email protected]> > To: [email protected] > Sent: Tuesday, March 29, 2016 11:24:33 PM > Subject: Re: IKED/carp/sasyncd: Wrong source ip address/No IKEv2 response > On 2016-03-29, Bornkessel, Bernd <[email protected]> wrote: >> Unfortunately, although the log states that it uses the virtual carp >> ip as source ip address, the ip of the corresponding node dedicated >> interface is being used instead. > > iked generates some packets before binding, so they have whatever > source address is on the interface that holds the outgoing route to > the destination. > > Fixing this will either need what looks like fairly major work on > iked, or support for IP_SENDSRCADDR. > > This type of setup does work with isakmpd.
