Hi Reyk,
> Short answer: Yes, it works. Fantastic! Thanks for the response!! > See also: > http://www.allard.nu/openbsd/maillist/archive/200608/1331.html I have read this now... I do still have to read up on iked, so I can get my head around that info better, though. > A possible, but untested, ipsec.conf configuration could be: > > ---snip--- > flow esp from 192.168.10.0/24 to 192.168.20.0/24 peer 10.0.0.2 type require > ike passive esp from 192.168.10.0/24 to 192.168.20.0/24 peer 10.0.0.2 > ---snap-- I am still using isakmpd.conf & isakmpd.policy.... do you have a possible untested sample config for them..? All the threads I've seen on this just say "isakmpd.conf is possible but more complicated" and don't go any further. :( I guess I've read so much stuff now I probably could covert over, but that would alter the change impact, requiring a lot more effort. Thanks for the awesome responses! Nemir
