Now it's clear to me. Thanks a lot!

Wed, 14 Apr 2021 at 15:54, Stefan Sperling <s...@stsp.name>:
> On Wed, Apr 14, 2021 at 03:28:31PM +0300, Dev Op wrote:
> > Hello all!
> >
> > I have several partners working with different IKE versions. Is it possible
> > to run iked and isakmpd on the same machine if I have two public
> > IP addresses on it?
> >
> > On isakmpd (IKEv1) it's simple, for example:
> > /etc/isakmpd/isakmpd.conf
> > [General]
> > Listen-on=X.X.X.X
> > Retransmits=32
> > Exchange-max-time=240
> > DPD-check-interval=30
> > Default-phase-1-lifetime=86400,60:86400
> > Default-phase-2-lifetime=86400,60:86400
> >
> > But how to bind iked (IKEv2) to another address Y.Y.Y.Y?
>
> Running both on the same system isn't possible. As far as I understand
> it's not just about the UDP listening ports. It isn't possible to share
> the kernel's IPsec flow table cleanly between the two daemons.
>
> You should be able to work around this limitation by running one of the
> daemons in a virtual machine, e.g. in vmm(4), provided your hardware
> supports this. Check: grep ^vmm0 /var/run/dmesg.boot
> It is possible to bridge the VM's host-side network interface with the
> physical network interface. This way, the VM could directly use one of
> the two IP addresses, eliminating the need for NAT.
>
> > $ uname -r
> > 6.7
>
> You should upgrade to 6.8 now. The 6.9 release is just around the corner.
>

--
Best regards,
Denis