Hello,

I would like to understand why OpenBSD 7.7's iked always uses the /etc/iked/private/local.key key, no matter what better matching keys and certs are available under /etc/iked/private and /etc/iked/certs and no matter what is specified as the local ID in /etc/iked.conf's srcid.

Expected behavior would be that the local identity is derived from srcid. The currently implemented behavior is also totally undocumented. It took me days to debug why my child SAs were failing. In the current form I don't understand why we even maintain srcid as a selector in /etc/iked.conf when the only valid srcid is what gets hardcoded via /etc/iked/private/local.key and its matching cert.

Am I missing something here? Somewhat lost after two days of debugging.

Best regards,
Christian