On 22 April 2014 17:13, Philipp <e1c1bac6253dc54a1e89ddc046585...@posteo.net> wrote: > It happened! A remote peer *requires* IKEv2 - and I've to do that on a > machine running isakmpd with somewhat 25+ IKEv1 peers. > > First hurdle: I cannot bind iked to a certain (carp) IP-address. Mad > workaround: start isakmpd (with Listen-on) first. > Second hurdle: iked loads "its" SAs and eventually does this by creating a > new empty SADB, effectivly killing all > the SAs isakmpd loaded into the kernel before? > > Is there a diff sleeping out there for tackling the first hurdle? > > For the second one, I've to refrain from testing this in live further more. > First to reconstruct my Frankenstein-Lab. > > Cheers for any thoughts beside "mad, bro?" :-) >
more like it's not supported and is not supposed to work. it's like running nginx and apache at the same time but worse since there are kernel tentacles involved as well (as you might have figured out already) that will likely prevent you from doing that on the same box but different ip addresses. cheers, mike
