> Maybe you misunderstood - I am just talking about a couple of lines in
> ipsec.conf to setup the bypass flow, but still use iked for the
> actual vpn connection.

That's fair. Maybe I misunderstood you; I thought that you recommended to actually switch to use the ipsec one instead. The setup of the bypass flow, doesn't it actually need to be up and running first, meaning set up both sides of the vpn for this?

As for other solutions, sure there are other choices, but for decades I have stuck to the simplest solution possible, and call me stubborn, I do everything with OpenBSD. Sure, some stuff may be best with something else, but over time I got so comfortable with OpenBSD that I am willing to have a bit of a weird setup at times, or less efficient as well, and just use more hardware when that happens. At my age I value peace of mind and sleep without disruption.

The last time I used something else was NetBSD 1.61, Solaris 9, Debian Woody if I recall properly, the last release of BSDI, the only commercial version I ever used, RedHat 5.0 and FreeBSD 3.2. I tried Caldera in that same era, but could never set it up properly so never touched it again after that wasted time with it. I believe I tried 2 more distributions of Linux/GNU, but I can't recall them nor do I really care to either!

So, call me OpenBSD limited mind fan boy and I will accept that. My son does! (;

You reach an age where searching for days to try to find how to do something on the net with Linux or others is really not where I want to spend my time, and the fact that the man pages on OpenBSD are so good, yes at times they drive me crazy as some examples are missing a bit, but after you get it to work once, then after that fact you understand what they mean by their example in the man page. That's my one criticism really. Sometimes it takes me a few days to get new stuff done, but still better than searching for weeks to find the version of Linux, of FreeBSD, or what not to try.

My last test was with FreeBSD, just a few months ago, and their NAT is in userland and performance sucked real bad, as my son convinced me to give FreeBSD a trial on router performance that I needed, but that was a show stopper for me.

So, yes Stuart, there are other choices out there, you are 100% right, but consider me a stubborn bastard that likes simple clean setups; that's why I will spend more time trying to have OpenBSD do what I need even if that might not be the best tool for the job, simply because I am very comfortable with it and I trust it without questions! I have no clue how old you are and that's none of my business, but you will see as time goes, you too will try to make your life simpler and value the time you have more. (;

So, if there is a way to do the flow bypass without having the full ikev1 running between the tunnels, I sure will give it a run. I didn't understand your statement as such, sorry for my bad.

Daniel