On Mon, Sep 11, 2017 at 09:24:55AM +0000, Christoph Leser wrote:
> I read in a 2013 paper by Reyk Floeter about openIKED
> (https://www.openbsd.org/papers/openiked-asiabsdcon2013.pdf)
>
> "The design intends to allow operation of both protocol versions on the same
> host"
>
> but
>
> "The unprivileged IKEv1 process is currently an empty stub"
>
> Does this mean that I cannot have both IKEv1 and IKEv2 on a single openBSD
> machine?

AFAIK an underlying problem is that iked(4) and isakmpd(4) cannot share the
in-kernel SA DB.

> Is there any way to run iked and isakmpd on the same machine (maybe with the
> help of pf to redirect ike2 hosts to a non default port)?

I haven't tried this myself but if you are constrained to one _physical_
machine, you could run another virtual machine in vmm(4) to serve one of
the two IKE protocols.

I suspect you'll want two separate IP addresses in any case, though.
Keeps things simple.