Following the FAQ at https://www.openbsd.org/faq/faq17.html I ran into the following problem with the server2 example:

===========================
ikev2 'server2_rsa' active esp \
        from 10.0.2.0/24 to 10.0.1.0/24 \
        peer 192.0.2.1 \
        dstid server2.domain
===========================

===========================
# iked -dv
set_policy: could not find pubkey for /etc/iked/pubkeys/fqdn/server2.domain
===========================

Is the above an error to be concerned with? Doesn't the system know that its pubkey exists as /etc/iked/local.pub? Should /etc/iked/local.pub be copied to /etc/iked/pubkeys/fqdn/server2.domain?

(Of course I'm using the actual FQDN of the systems in question and literally serverX.domain.)

No such error on the server1 example, although it seems that srcid is not checked for the pubkey as dstid is.

Chris