It happened! A remote peer *requires* IKEv2 - and I've to do that on a machine running isakmpd with somewhat 25+ IKEv1 peers.

First hurdle: I cannot bind iked to a certain (carp) IP-address. Mad workaround: start isakmpd (with Listen-on) first. Second hurdle: iked loads "its" SAs and eventually does this by creating a new empty SADB, effectivly killing all
the SAs isakmpd loaded into the kernel before?

Is there a diff sleeping out there for tackling the first hurdle?

For the second one, I've to refrain from testing this in live further more. First to reconstruct my Frankenstein-Lab.

Cheers for any thoughts beside "mad, bro?" :-)

Reply via email to