Hi folks,

since syspatch 70-006_x509 and a reboot, IKEv2 between 2 OpenBSD clusters (2 hosts on each end, carp interface, passive by default, managed via sasyncd) appears to be broken. /var/log/messages says:

Dec 12 21:40:28 gate5a iked[57676]: spi=0x5a7c2732b4b355e6: ikev2_dispatch_cert: peer certificate is invalid

The certificates have been generated using ikectl ca. How come? I haven't changed the CA or the IKE configuration since 6.8. Unfortunately, rolling back the syspatch or issuing new certificates did not help.

I am stuck and desperate. Every helpful comment is highly appreciated.

Harri

