Hello Philipp, I use to (reliably) run from two to four parallel instances of isakmpd on same boxes (for years) - first using different ports, then different IPs. It seems like they've had to (peacefully) share the SADB. Did I just not have enough tunnels to trigger the problem? If this isn't the case, why can't iked be as "nice" as isakmpd? Just wondering.
Thursday, August 30, 2018, 10:39:21 AM, you wrote: PB> Hi, PB> Am 30.08.2018 10:27 schrieb Sebastian Reitenbach: >> Hi, >> >> I'm wondering if it would be possible to add iked to my box already >> running isakmpd. >> I found this quite old thread: >> http://openbsd-archive.7691.n7.nabble.com/iked-isakmpd-on-the-same-machine-td246610.html PB> Why is it "always" my old threads in this area? :-) PB> I was not following development too closely, but I think that on the PB> kernel side PB> things have not changed. Which means iked and isakmpd will happily "toe PB> tap" PB> on each others SADB in the kernel (even if there is *some* PID PB> handling). PB> Would like to hear if kernel side has "improved" lately, but the overall PB> standpoint PB> looks like: IKEv1 is dead (e.g. see the removal of IKEv1 stubs in iked PB> some "months ago"). PB> [Still stuck with my ikev2 with strongswan on a different box solution] PB> HTH... wait, no: PB> ciao -- Best regards, Boris mailto:psi...@prodigy.net
