I'm experiencing some issues with iked(8) and the first one took me much longer than appreciated: order of commands matters.
This works: ikev2 passive esp \ inet6 \ proto gre \ from A to B \ local any peer any But switching `proto' and `inet' breaks it, not reporting any further information. I ran into the broken config in the first place, tried a few iterations and finally removed `proto' to "unbreak" it, thinking this particular command was broken in general. Since fixing parse.y is another journey I'm currently not up for, the BUGS section seems appropiate until order is truly irrelevant. Feedback? OK? Index: iked.conf.5 =================================================================== RCS file: /cvs/src/sbin/iked/iked.conf.5,v retrieving revision 1.61 diff -u -p -r1.61 iked.conf.5 --- iked.conf.5 10 Feb 2020 13:18:20 -0000 1.61 +++ iked.conf.5 14 Feb 2020 19:48:38 -0000 @@ -1006,3 +1006,5 @@ The .Xr iked 8 program was written by .An Reyk Floeter Aq Mt r...@openbsd.org . +.Sh BUGS +Commands must be specified in the same order as documented.