Re: isakmpd and iked on the same box

2018-08-31 Thread Daniel Polak
Tommy Nevtelen wrote on 31-8-2018 16:12: On 2018-08-31 10:44, Daniel Polak wrote: Tommy Nevtelen wrote on 30-8-2018 23:13: We use isakmpd to interconnect 30ish routers and I would like to switch to iked, but since there is no support to run both at the same time it makes it quite hard to

Re: isakmpd and iked on the same box

2018-08-31 Thread Boris Goldberg
Hello Philipp, I use to (reliably) run from two to four parallel instances of isakmpd on same boxes (for years) - first using different ports, then different IPs. It seems like they've had to (peacefully) share the SADB. Did I just not have enough tunnels to trigger the problem? If this isn't the

Re: isakmpd and iked on the same box

2018-08-31 Thread Tommy Nevtelen
On 2018-08-31 10:44, Daniel Polak wrote: Tommy Nevtelen wrote on 30-8-2018 23:13: We use isakmpd to interconnect 30ish routers and I would like to switch to iked, but since there is no support to run both at the same time it makes it quite hard to migrate slowly. Will basically need to do it

Re: isakmpd and iked on the same box

2018-08-31 Thread Sebastian Reitenbach
Am Donnerstag, August 30, 2018 17:39 CEST, Philipp Buehler schrieb: > Hi, > > Am 30.08.2018 10:27 schrieb Sebastian Reitenbach: > > Hi, > > > > I'm wondering if it would be possible to add iked to my box already > > running isakmpd. > > I found this quite old thread: > >

Re: isakmpd and iked on the same box

2018-08-31 Thread Daniel Polak
Tommy Nevtelen wrote on 30-8-2018 23:13: We use isakmpd to interconnect 30ish routers and I would like to switch to iked, but since there is no support to run both at the same time it makes it quite hard to migrate slowly. Will basically need to do it all at the same time and that is not very

Re: isakmpd and iked on the same box

2018-08-30 Thread Tommy Nevtelen
On 2018-08-30 22:06, Daniel Polak wrote: > On 30/08/2018 17:39, Philipp Buehler wrote: >> I was not following development too closely, but I think that on the >> kernel side >> things have not changed. Which means iked and isakmpd will happily >> "toe tap" >> on each others SADB in the kernel

Re: isakmpd and iked on the same box

2018-08-30 Thread Daniel Polak
On 30/08/2018 17:39, Philipp Buehler wrote: I was not following development too closely, but I think that on the kernel side things have not changed. Which means iked and isakmpd will happily "toe tap" on each others SADB in the kernel (even if there is *some* PID handling). Would like to

Re: isakmpd and iked on the same box

2018-08-30 Thread Philipp Buehler
Hi, Am 30.08.2018 10:27 schrieb Sebastian Reitenbach: Hi, I'm wondering if it would be possible to add iked to my box already running isakmpd. I found this quite old thread: http://openbsd-archive.7691.n7.nabble.com/iked-isakmpd-on-the-same-machine-td246610.html Why is it "always" my old