On Tue, May 17 2011 at 39:21, patrick.oesch...@bluewin.ch wrote:

> ...gives me some headache...
>
> system1: (openbsd 4.9)
> em0 192.168.1.54 (same /24 subnet as system2)
> /etc/isakmpd/isakmpd.conf:
> Listen-on= 192.168.1.54
> isakmpd -K
>
> system2: (openbsd 4.9)
> em0 192.168.1.200 (same /24 subnet as system1)
>
> /etc/isakmpd/isakmpd.conf
> Listen-on= 192.168.1.200
> isakmpd -K
>
> as long as em0 on system2 is in rdomain 0 (zero)
> everything seems fine and using tcpdump i can see bi-directional traffic on
> UDP/500
> as soon as i put em0 on system2
> into rdomain 1 using 'ifconfig em0 192.168.1.200 rdomain 1' my headache
> starts...

Did you run isakmpd in rdomain 1? (as specified in another mail)

route -T1 exec isakmpd -K

The second step would be more problematic, I don't think that enc(4) supports rdomain yet.

[...]

> anybody having experience in
> terminating an IPSEC tunnel in a routing domain? (virtual firewall setup)
> maybe i should try GRE with IPSEC on top of
> that...(?)

Setting up gif on rdomain on top of ipsec works.

Hope this helps :)

Claer
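The sequence Claer describes, written out as an added example for system2 (this script is not from the thread or from OpenBSD itself): move em0 into rdomain 1, start isakmpd under that rdomain with `route -T1 exec` so it binds UDP/500 where the interface now lives, then bring up a gif(4) tunnel in the same rdomain on top of the IPsec transport. The em0 addresses and the rdomain number are the ones from the thread; the gif inner addresses (10.0.0.1/10.0.0.2), the interface name gif0 and the `DRY_RUN` switch are constructed for this example.

```shell
#!/bin/sh
# Added example: terminate IPsec for em0 inside rdomain 1 and run a gif
# tunnel over it. Outer addresses and rdomain are from the thread; gif0 and
# the 10.0.0.0/30 inner addresses are constructed for this example.
# DRY_RUN=1 prints each command instead of executing it (useful for review
# on a non-OpenBSD host, where ifconfig/route lack these options).

RDOMAIN=1
LOCAL=192.168.1.200     # system2 em0 (from the thread)
PEER=192.168.1.54       # system1 em0 (from the thread)
GIF_LOCAL=10.0.0.2      # constructed inner address, this side
GIF_PEER=10.0.0.1       # constructed inner address, peer side

run() {
    if [ "${DRY_RUN:-0}" = 1 ]; then
        printf '%s\n' "$*"
    else
        "$@"
    fi
}

# Step 1: the interface isakmpd listens on (Listen-on= 192.168.1.200)
# has to sit in the target rdomain before the daemon starts.
move_iface() {
    run ifconfig em0 "$LOCAL" rdomain "$RDOMAIN"
}

# Step 2: start isakmpd inside that rdomain. A bare 'isakmpd -K' stays in
# rdomain 0 and never sees the UDP/500 traffic arriving on em0.
start_isakmpd() {
    run route -T"$RDOMAIN" exec isakmpd -K
}

# Step 3: gif(4) in the same rdomain, with outer endpoints on the two em0
# addresses; the IP-in-IP traffic between them is what IPsec protects.
setup_gif() {
    run ifconfig gif0 rdomain "$RDOMAIN"
    run ifconfig gif0 tunnel "$LOCAL" "$PEER"
    run ifconfig gif0 inet "$GIF_LOCAL" "$GIF_PEER"
}

# Whole procedure in the order the steps depend on each other.
setup_rdomain_ipsec() {
    move_iface
    start_isakmpd
    setup_gif
}
```

Run it as `DRY_RUN=1 sh setup.sh` first to read the command plan; the IPsec flow that covers the gif traffic (IP protocol 4, "ipencap") still has to be declared in the isakmpd configuration, and, as the reply notes for this OpenBSD version, enc(4) itself was not rdomain-aware, so the gif-over-IPsec arrangement is the part that is known to work.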