On Thu, Nov 10, 2016 at 10:42:13AM +0000, Comète wrote:
> Now, I can ask the question differently:
>
> If I don't want the connection to be
> reset every half gigabyte, should I better choose isakmpd ?

Yes, that is worth trying as a workaround if you don't have clients that require IKEv2. If you control both ends of the tunnel then there's absolutely no reason not to try IKEv1. I have never seen such a problem with isakmpd but I'm not sure if I've ever even hit half a gigabyte in a single session (I mostly use it to provide IPsec for mobile data on my phone). But since isakmpd has been widely deployed for years I very much doubt it still has such bugs. Also note that it is currently impossible to run both isakmpd and iked on the same OpenBSD host, in case that matters.

