We also have a need for this in our environment. We use transport mode IPSEC to protect gif(4) tunnels between our OpenBSD routers at our remote sites, and we would also ideally like one of these routers to act as a Win 7 road warrior IKEv2 gateway. We would just use iked for both scenarios, but as of 5.6, iked doesn't appear to support transport mode yet. We have also tried running isakmpd and iked side-by-side, but we have been unsuccessful in doing so. IIRC, when one daemon starts after the other it wipes out the other's SAs and encap routes.
-Joe On Tue, Jan 20, 2015 at 9:17 AM, Fedor Piecka <[email protected]> wrote: > Hello > > We need to support both IKEv1 and IKEv2 peers in our environment. > > Isakmpd.conf supports Listen-on directive. > > However I haven't found such a thing in iked.conf an iked manual pages. > > > My first question now is how to instruct iked to listen only on a selected > interface. > > The second question is whether the 2 of them wouldn't interfere with each > other. > > Regards > Fedor
