Re: openiked + rc.conf.local

2016-09-26 Thread Matt Behrens
On Sep 26, 2016, at 2:26 PM, Infoomatic wrote:
>> Do you get any more output if you do "rcctl -f -d start iked"?
> the output is:
> doing _rc_parse_conf
> doing _rc_quirks
> iked_flags empty, using default ><
> doing _rc_parse_conf /var/run/rc.d/iked
> doing _rc_quirks
> doing rc_check
> iked
>

Re: openiked + rc.conf.local

2016-09-26 Thread Infoomatic
> Do you get any more output if you do "rcctl -f -d start iked"?
the output is:
doing _rc_parse_conf
doing _rc_quirks
iked_flags empty, using default ><
doing _rc_parse_conf /var/run/rc.d/iked
doing _rc_quirks
doing rc_check
iked
doing rc_pre
configuration OK
and then the terminal is blocked again

Re: openiked + rc.conf.local

2016-09-26 Thread Stuart Henderson
On 2016-09-26, Infoomatic wrote:
>> On Mon, Sep 26, 2016 at 02:17:35PM +0200, Infoomatic wrote:
>> > also, the already running endpoint did not receive any packets.
>>
>> Nobody on this list can run ifconfig, route, and tcpdump on *your* box
>> to figure out where you're losing packets...
>
> thi

Re: openiked + rc.conf.local

2016-09-26 Thread Infoomatic
> On Mon, Sep 26, 2016 at 02:17:35PM +0200, Infoomatic wrote:
> > also, the already running endpoint did not receive any packets.
>
> Nobody on this list can run ifconfig, route, and tcpdump on *your* box
> to figure out where you're losing packets...

this is not a connectivity issue. To clarify:

Re: openiked + rc.conf.local

2016-09-26 Thread Stefan Sperling
On Mon, Sep 26, 2016 at 02:17:35PM +0200, Infoomatic wrote:
> also, the already running endpoint did not receive any packets.

Nobody on this list can run ifconfig, route, and tcpdump on *your* box
to figure out where you're losing packets...

Re: openiked + rc.conf.local

2016-09-26 Thread Infoomatic
> On Mon, Sep 26, 2016 at 01:56:20PM +0200, Infoomatic wrote:
> > ipsec=YES in rc.conf.local does not change anything, and appending
> > "ikelifetime 60" to iked.conf neither.
>
> ipsec=YES and /etc/ipsec.conf are for use with isakmpd.
>
> iked does not use ipsec.conf.

that's what I thought, bu

Re: openiked + rc.conf.local

2016-09-26 Thread Stefan Sperling
On Mon, Sep 26, 2016 at 01:56:20PM +0200, Infoomatic wrote:
> ipsec=YES in rc.conf.local does not change anything, and appending
> "ikelifetime 60" to iked.conf neither.

ipsec=YES and /etc/ipsec.conf are for use with isakmpd.

iked does not use ipsec.conf.

> I am quite sure this is just a minor

openiked + rc.conf.local

2016-09-26 Thread Infoomatic
Hi,

I am trying to get a site-to-site ipsec tunnel to work with openiked. The configuration seems quite easy, testing also works. The iked.conf is:

    ikev2 "test" esp \
        from 192.168.1.1 to 192.168.3.1 \
        from 192.168.1.0/24 to 192.168.3.0/24 \
        local 192.168.1.1 peer 192.168.3.1 \
        psk thisisjustatest