On 2016-11-24, Damian McGuckin <[email protected]> wrote:
> Can you mix the use of 'isakmpd.conf' and 'ipsec.conf'?
>
> I currently use the former for port 500 stuff. We use both predefined 
> network-to-networks IPSec links with PreShared Secrets and also dynamic, 
> i.e. negotiated, network-to-network links. The thought of figuring out how 
> to do both with IPSec, especially the latter which does not seem to be 
> documented with examples, fills me with dread.
>
> I have just figured out how to allow L2TP/IPSec connections which demands the 
> use of the latter.

ipsec.conf isn't required for this (or anything that you can do with
ipsec.conf; though not all of it is documented in the isakmpd.conf manual,
i.e. NAT-ID).
 
> I would love to use both concurrently if I can?
>
> Has anybody got any experience with both working well together?

That will be fine. Though if you have an example ipsec.conf fragment,
feed it into "ipsecctl -nv" and it shows the isakmpd fifo commands that
it would send to add the config sections, which you could clean up and
add to isakmpd.conf yourself if you wanted to keep things in one place.
