On 22 April 2014 17:40, Claer <cl...@claer.hammock.fr> wrote:
> On Tue, Apr 22 2014 at 28:17, Mike Belopuhov wrote:
>> On 22 April 2014 17:13, Philipp
>> <e1c1bac6253dc54a1e89ddc046585...@posteo.net> wrote:
>> > It happened! A remote peer *requires* IKEv2 - and I've to do that on a
>> > machine running isakmpd with somewhat 25+ IKEv1 peers.
>> >
>> > First hurdle: I cannot bind iked to a certain (carp) IP-address. Mad
>> > workaround: start isakmpd (with Listen-on) first.
>> > Second hurdle: iked loads "its" SAs and eventually does this by creating a
>> > new empty SADB, effectively killing all
>> > the SAs isakmpd loaded into the kernel before?
>> >
>> > Is there a diff sleeping out there for tackling the first hurdle?
>> >
>> > For the second one, I've to refrain from testing this in live further more.
>> > First to reconstruct my Frankenstein-Lab.
>> >
>> > Cheers for any thoughts beside "mad, bro?" :-)
>> >
>> more like it's not supported and is not supposed to work.
>> it's like running nginx and apache at the same time but
>> worse since there are kernel tentacles involved as well
>> (as you might have figured out already) that will likely
>> prevent you from doing that on the same box but different
>> ip addresses.
>> cheers,
>> mike
> Hello,
> I had a similar case. We handled it with another firewall for the moment
> but I wish to keep vpns at one place. May it work with rdomains?

i don't know for sure.  perhaps rdomain separation is enough but you have
a chance to try and see if it works.  don't forget to create additional
enc devices though.

> Sorry for not replying to the list because I don't want to disturb tech@.

what kind of a mailing list is that that is afraid of being disturbed?
it's right there for such discussions.  and if someone says it's not,
he's utterly wrong.

> Thanks!
> Claer

