Hi,

I am trying to set up an IKEv2 VPN with iked(8), between an OpenBSD firewall and a SonicWall one.

The VPN sets up correctly as long as only one subnetwork is configured. However, as soon as at least 2 subnets are configured, only one of them operates.

Below is the OpenBSD side configuration:

```
ikev2 active esp \
	from $local_network_1 to $remote_network_1 \
	from $local_network_1 to $remote_network_2 \
	peer $remote_peer \
	ikesa auth xxx enc xxx group xxx \
	childsa auth xxx enc xxx \
	srcid $local_ip \
	ikelifetime xxx lifetime xxx \
	psk "xxxxxxx"
```

The same configuration is done on the other side, adapted for the SonicWall.

With only the line `from $local_network_vlan1 to $remote_networks_1`, the VPN goes up and the communication works correctly between the 2 subnets.

The problem appears as soon as a second subnetwork is added to the configuration, by adding `from $local_network_vlan2 to $remote_networks_2`. There, the communication no longer works between local_network_1 and remote_network_1, but works between local_network_1 and the added remote_network_2.

The problem is the same if, instead of setting up 2 remote subnets with only 1 local subnetwork, I set up 2 local subnetworks with 1 remote subnetwork, or even 2 local subnetworks with 2 remote subnets.

The logs do not indicate anything particular.

The problem seems to come from the OpenBSD side, since I also found it with another manufacturer on the other side, and the SonicWall has several VPNs configured in this way without any problems. It also seems to be specific to IKEv2 or iked(8), since we have this type of configuration with isakmpd(8) without any problem.

Knowing that it is not possible to run iked(8) and isakmpd(8) at the same time to use IKE with this client, I would be very grateful if anybody could help me find out what is happening.

Thank you!

--
Jeremy