On 2023-10-15, [email protected] <[email protected]> wrote: > What is a better way to configure iked on site-obsd so that it does not > encapsulate local traffic on the 10.89.2.0/24 network? Obviously my > understanding is incorrect, so any help is appreciated.
You should be able to add a bypass flow in ipsec.conf, and set ipsec=YES but *not* isakmpd_flags in rc.conf.local. To load manually without rebooting, ipsecctl -f /etc/ipsec.conf -- Please keep replies on the mailing list.
