On 2019-03-13, Fedor Piecka <teplav...@gmail.com> wrote:
> Does anybody see any misconfiguration or misunderstanding on our side? Or
> is this a bug (IMHO a security bug) in OpenBSD IPsec implementation?

isakmpd: it is a misconfiguration (but an incredibly common one), you should use a keynote policy to prevent this. If the same applies to iked (I haven't tested but suspect it's the case) then there it's more of a bug because there's no way to change iked config to avoid it.