On Mon, Sep 26, 2016 at 01:56:20PM +0200, Infoomatic wrote: > ipsec=YES in rc.conf.local does not change anything, and appending > "ikelifetime 60" to iked.conf neither.
ipsec=YES and /etc/ipsec.conf are for use with isakmpd. iked does not use ipsec.conf. > I am quite sure this is just a minor detail I have overseen, however, > I would really appreciate your help! Thanks! I don't see anything obviously wrong based on what you describe. Perhaps someone else will. It seems you came to this list before gathering actual evidence of what's going on. So I'd suggest you run tcpdump on your interfaces to figure out what's going on with the IKE session when it's in that non-working state, based on packets being passed around. You could also enable verbose mode at the other end and check the logs there to obtain more information.