On 22 April 2014 17:40, Claer <cl...@claer.hammock.fr> wrote:
> On Tue, Apr 22 2014 at 28:17, Mike Belopuhov wrote:
>
>> On 22 April 2014 17:13, Philipp
>> <e1c1bac6253dc54a1e89ddc046585...@posteo.net> wrote:
>> > It happened! A remote peer *requires* IKEv2 - and I've to do that on a
>> > machine running isakmpd with somewhat 25+ IKEv1 peers.
>> >
>> > First hurdle: I cannot bind iked to a certain (carp) IP-address. Mad
>> > workaround: start isakmpd (with Listen-on) first.
>> > Second hurdle: iked loads "its" SAs and eventually does this by creating a
>> > new empty SADB, effectively killing all
>> > the SAs isakmpd loaded into the kernel before?
>> >
>> > Is there a diff sleeping out there for tackling the first hurdle?
>> >
>> > For the second one, I've to refrain from testing this in live further more.
>> > First to reconstruct my Frankenstein-Lab.
>> >
>> > Cheers for any thoughts beside "mad, bro?" :-)
>> >
>>
>> more like it's not supported and is not supposed to work.
>> it's like running nginx and apache at the same time but
>> worse since there are kernel tentacles involved as well
>> (as you might have figured out already) that will likely
>> prevent you from doing that on the same box but different
>> ip addresses.
>>
>> cheers,
>> mike
>>
> Hello,
>
> I had a similar case. We handled it with another firewall for the moment
> but I wish to keep vpns at one place. May it work with rdomains?
>

i don't know for sure. perhaps rdomain separation is enough
but you have a chance to try and see if it works. don't forget
to create additional enc devices though.

> Sorry for not replying to the list because I don't want to disturb tech@.
>

what kind of a mailing list is that that is afraid of being disturbed?
it's right there for such discussions. and if someone says it's not,
he's utterly wrong.

> Thanks!
>
> Claer
>