On 2018/04/17 12:54, Stefan Sperling wrote:
> On Mon, Apr 16, 2018 at 07:05:12AM +0000, Stuart Henderson wrote:
> > On 2018-04-15, mabi <m...@protonmail.ch> wrote:
> > > I just moved from isakmpd to iked and could not find the parameter name
> > > in iked.conf in order to tell iked on which IP it should listen. With
> > > isakmpd.conf I would use the following:
> > >
> > > [General]
> > > Listen-on= 123.123.123.123
> > >
> > > Is there any equivalent with iked?
> >
> > There is not, but the main place this is needed is for setting the
> > "from" address for outgoing packets. isakmpd uses the "default" address
> > for this, which is often wrong on a multihomed system so it's necessary
> > to bind to a particular address to fix this. iked (at least in the
> > last few releases) uses the address from "local" in the config instead,
> > so binding isn't needed in most cases.
> >
>
> I have run into this exact isakmpd problem in several situations.
> IPsec didn't work reliably, and it turns out that IKE traffic
> was using the wrong source IP.
>
> This is a nasty pitfall for people who want to set up IKEv1 with carp(4).
> I think we should document this better. The diff below scatters some
> hints across relevant man pages.
>
> OK?

Yes, OK. (Unless anyone has a "sendfromto" diff for isakmpd sitting in a tree somewhere.. :-)