[prev in list] [next in list] [prev in thread] [next in thread] 

List:       openbsd-misc
Subject:    Re: IKED/carp/sasyncd: Wrong source ip address/No IKEv2 response
From:       "Bornkessel, Bernd" <bernd.bornkessel () icp-companies ! com>
Date:       2016-03-29 22:38:58
Message-ID: 323683840.249355495.1459291138387.JavaMail.zimbra () icp-companies ! com
[Download RAW message or body]

Thank you for the response.

Yes - I've also considered switching back to isakmpd, which has been working very well in the past.

----- Original Message -----
> From: "Stuart Henderson" <stu@spacehopper.org>
> To: misc@openbsd.org
> Sent: Tuesday, March 29, 2016 11:24:33 PM
> Subject: Re: IKED/carp/sasyncd: Wrong source ip address/No IKEv2 response

> On 2016-03-29, Bornkessel, Bernd <bernd.bornkessel@icp-companies.com> wrote:
>> Unfortunately, although the log states that it uses the virtual carp
>> ip as source ip address, the ip of the corresponding node dedicated
>> interface is being used instead.
> 
> iked generates some packets before binding, so they have whatever
> source address is on the interface that holds the outgoing route to
> the destination.
> 
> Fixing this will either need what looks like fairly major work on
> iked, or support for IP_SENDSRCADDR.
> 
> This type of setup does work with isakmpd.

[prev in list] [next in list] [prev in thread] [next in thread]