Re: ipsec or iked to deploy under openbsd carp fws

Searching in google and reading some docs, I have several doubts about which one to choose. If I am not wrong, iked doesn't supports sasyncd, is it correct?? I am *much* happier with my use of isakmpd since I got rid of sasyncd and just rely on dead peer detection (DPD), I use ifstated to

Re: ipsec or iked to deploy under openbsd carp fws

2013/12/5 Anders Berggren and...@halon.se Interesting. I've got sasyncd to work pretty well by introducing a rather long sleep before restoring the carp demote, with my main problem being the fallback/restore to the designated master after a short period of the backup being active (the

Re: ipsec or iked to deploy under openbsd carp fws

On Wed 04 Dec 2013 00:18:40 GMT, Stuart Henderson wrote: On 2013-12-02, C. L. Martinez carlopm...@gmail.com wrote: Hi all, I need to deploy IPSec tunnels (lan-to-lan and roadwarriors clients like linux and windows) under two openbsd carp firewalls. .. What option can be best to deploy

Re: ipsec or iked to deploy under openbsd carp fws

On 2013/12/04 10:19, Andy wrote: Yea I had the same problem with sasynd but I found a simple solution that allows for faster failover than DPD. The issue I found was that when isakmpd starts on the carp 'backup', the -S stops it from chatting which is great, but, I also found it also seems

Re: ipsec or iked to deploy under openbsd carp fws

On Wed 04 Dec 2013 12:40:09 GMT, Stuart Henderson wrote: On 2013/12/04 10:19, Andy wrote: Yea I had the same problem with sasynd but I found a simple solution that allows for faster failover than DPD. The issue I found was that when isakmpd starts on the carp 'backup', the -S stops it from

Re: ipsec or iked to deploy under openbsd carp fws

On 2013-12-02, C. L. Martinez carlopm...@gmail.com wrote: Hi all, I need to deploy IPSec tunnels (lan-to-lan and roadwarriors clients like linux and windows) under two openbsd carp firewalls. .. What option can be best to deploy in these firewalls: ipsec (ipsec.conf and isakmpd) or iked?

ipsec or iked to deploy under openbsd carp fws

Hi all, I need to deploy IPSec tunnels (lan-to-lan and roadwarriors clients like linux and windows) under two openbsd carp firewalls. Searching in google and reading some docs, I have several doubts about which one to choose. If I am not wrong, iked doesn't supports sasyncd, is it correct??

Re: ipsec or iked to deploy under openbsd carp fws

On Mon, Dec 2, 2013 at 8:13 AM, C. L. Martinez carlopm...@gmail.com wrote: Hi all, I need to deploy IPSec tunnels (lan-to-lan and roadwarriors clients like linux and windows) under two openbsd carp firewalls. Searching in google and reading some docs, I have several doubts about which one