I rebooted and everything worked, thank you very much.

On 10/04/2026, Alex Mihajlov wrote:
> Sorry, I didn't reply to the mailing list.
>
> What's the public IP address?
> I'm behind a NAT, and if I specify a truly public address in local, I get an
> error:
>
> spi=0x1bd0e7050de6b0f4: send IKE_SA_INIT req 0 peer XXXX:500 local YYYY:500,
> 518 bytes
> ikev2_msg_send: sendtofrom: Can't assign requested address
>
> But if I use the address that I have on the trunk0 interface
> (it combines iwx0 and em0, as described in the FAQ),
> and which has a defaultroute, then I see the same errors.
> send IKE_AUTH req 1 peer XXXX:4500 local 10.222.222.222:4500, 631 bytes, NAT-T
> recv IKE_AUTH res 1 peer XXXX:4500 local 10.222.222.222:4500, 759 bytes,
> policy 'rw'
> ikev2_ike_auth_recv: obtained lease: 172.24.24.171
> ikev2_ike_auth_recv: obtained DNS: 172.24.24.1
> writev failed: type 3 len 288: Invalid argument
>
> I also tried using sec0 instead of lo1.
> I have OpenBSD 7.8 stable and OpenIKED 7.4.
>
> On 10/04/2026, Tobias Heider wrote:
> > On Fri, Apr 10, 2026 at 12:35:25AM +0300, Alex Mihajlov wrote:
> > > On 09/04/2026, Tobias Heider wrote:
> > > >
> > > > Yes, different IDs is what I would try.
> > >
> > > Yes, thank you very much, almost everything worked out,
> > > just one question remains. I can authenticate,
> > > the server gives me an IP address,
> > > and on the client, I use a configuration similar
> > > to the one described in the FAQ:
> > >
> > > ikev2 'rw' active esp \
> > >     from dynamic to any \
> > >     peer myserver \
> > >     srcid myclient \
> > >     dstid myserver \
> > >     request address any \
> > >     iface lo1
> > >
> > > I have created an interface lo1:
> > > $ ifconfig lo1
> > > lo1: flags=2008009<UP,LOOPBACK,MULTICAST,LRO> mtu 32768
> > >     index 8 priority 0 llprio 3
> > >     groups: lo
> > >
> > > In the log I see the following:
> > > end IKE_AUTH req 1 peer X.X.X.X:4500 local Z.Z.Z.Z:4500, 631 bytes, NAT-T
> > > ecv IKE_AUTH res 1 peer X.X.X.X:4500 local Z.Z.Z.Z:4500, 759 bytes,
> > > policy 'rw'
> > > ikev2_ike_auth_recv: obtained lease: 172.24.24.221
> > > ikev2_ike_auth_recv: obtained DNS: 172.24.24.1
> > > pfkey_write: writev failed: type 3 len 288: Invalid argument
> > >
> > > The address does not appear on the lo1 interface, and after some time the
> > > following appears in the log:
> > > sa_free: SA_INIT timeout
> > > req: 2149607705: Can't assign requested address
> > > parent 1 got invalid imsg 33 peerid -1 from ikev2 1
> > > ikev2 exiting, pid 79505
> > >
> > > What am I doing wrong?
> > >
> >
> > Just a wild guess but I feel like I have seen this before, try adding
> > a "local" option with your public IP address.
>
> --
> Best regards, Михайлов Александр.
>

--
Best regards, Михайлов Александр.

