It happened! A remote peer *requires* IKEv2 - and I've to do that on a
machine running isakmpd with some 25+ IKEv1 peers.
First hurdle: I cannot bind iked to a certain (carp) IP-address. Mad
workaround: start isakmpd (with Listen-on) first.
Second hurdle: iked loads "its" SAs and eventually does this by
creating a new empty SADB, effectively killing all the SAs isakmpd
loaded into the kernel before?
Is there a diff sleeping out there for tackling the first hurdle?
For the second one, I've to refrain from testing this live any
further. First to reconstruct my Frankenstein-Lab.
Cheers for any thoughts besides "mad, bro?" :-)