On Fri, Apr 17, 2020 at 02:37:57PM +0200, Florian Weber wrote: > Good afternoon, > > is it possible to have only traffic which is routed through a specific > rdomain being encryped, i.e. have an enc interface in another rdomain and > only the whole traffic that runs in that rdomain gets encryped? > > Thank you for your help. > > Best regards, > > Florian >
Currently the only thing that should work out of the box is having iked running in a non-default rdomain and then use ipsec only in this rdomain. However, I have been working on better rdomain integration for ipsec/iked lately and a working diff that should solve your problem is currently waiting for testing over at tech@: https://marc.info/?l=openbsd-tech&m=158677212723896&w=2 Feedback welcome ;)
