On 30/08/2018 17:39, Philipp Buehler wrote:
I was not following development too closely, but I think that on the
kernel side
things have not changed. Which means iked and isakmpd will happily
"toe tap"
on each others SADB in the kernel (even if there is *some* PID handling).
Would like to hear if kernel side has "improved" lately, but the
overall standpoint
looks like: IKEv1 is dead (e.g. see the removal of IKEv1 stubs in iked
some "months ago").
Why would IKEv1 be dead if the stubs were removed from iked? There is
still isakmpd and that works pretty well.
Also I see many companies that still use IKEv1 and it would be
unpleasant if there was no way to connect to them with OpenBSD.
Daniel
