> On Mon, Sep 26, 2016 at 01:56:20PM +0200, Infoomatic wrote: > > ipsec=YES in rc.conf.local does not change anything, and appending > > "ikelifetime 60" to iked.conf neither. > > ipsec=YES and /etc/ipsec.conf are for use with isakmpd. > > iked does not use ipsec.conf.
that's what I thought, but wasn't quite sure so I just tried the ipsec=YES in rc.conf.local > It seems you came to this list before gathering actual evidence of > what's going on. So I'd suggest you run tcpdump on your interfaces > to figure out what's going on with the IKE session when it's in that > non-working state, based on packets being passed around. > You could also enable verbose mode at the other end and check the > logs there to obtain more information. I also tried with "-v" flags which did not write anything to /var/log/daemon, also, the already running endpoint did not receive any packets.
