Also:

1) Does the documentation in ipsec(4) / isakmpd.conf(5) / sasyncd.conf(5) imply that all policies / security associations should be between the CARP HA L3 address?
2) Is your isakmpd(8) binding to the wildcard address?
3) Did this problem evolve with the implementation of sasyncd(8) or did your IPSEC never work?

~BAS

On Mon, 2007-10-01 at 08:16 -0700, Dag Richards wrote:
> Patrick Hemmen wrote:
> > Hello all,
> >
> > I have two OpenBSD machines for a redundancy VPN-Gateway. They use
> > carp to share one IP-Address and sasyncd to synchronize SAs and SPDs.
> > I set up an ipsec-tunnel in /etc/ipsec.conf. The tunnel isn't
> > established and the error "PAYLOAD_MALFORMED" appears in the logs.
> > With tcpdump I can see that the initial packet (isakmp v1.0 exchange
> > ID_PROT) to establish the tunnel comes from the host IP-Address and not
> > from the carp address.
> >
> > Thanks in advance.
> > Patrick
> >
>
> Maybe it's the humidity.
> Maybe it's something in your ipsec.conf file.
> Based on the info you have provided so far, both seem to be about as
> like as each other .... ;)
>
> ipsec.conf
> ifconfig -A
>
> maybe a quote from your dumps
> and perhaps a bit of logging info ....

