On April 16, 2018 9:05 AM, Stuart Henderson <s...@spacehopper.org> wrote:
> There is not, but the main place this is needed is for setting the
> "from" address for outgoing packets. isakmpd uses the "default" address
> for this, which is often wrong on a multihomed system so it's necessary
> to bind to a particular address to fix this. iked (at least in the
> last few releases) uses the address from "local" in the config instead,
> so binding isn't needed in most cases.

I see, so as long as I use the "local" parameter in iked.conf with the local IP address which I use for my site-2-site VPN I am saying to iked to listen only on that IP address.

Here would be my generic example for a site-2-site VPN between two OpenBSD firewalls:

    ikev2 passive esp \
        from $local_network to $remote_network local $local_ip peer $remote_ip \
        srcid $local_ip

I was also wondering, in the case of a site-2-site VPN, should one side be in active mode and the other one in passive mode? Or what is usually used for site-2-site VPN?