On Fri, Jun 19, 2020 at 11:19:11AM -0400, Sonic wrote:
> With IKEDv1 I was able to use alias addresses for the VPN tunnels with
> a Listen-on directive in isakmpd.conf:
> ======================
> [General]
> Listen-on= 1.2.3.7
> ======================
>
> So far my attempts with IKEDv2 have been unsuccessful at using alias
> addresses. Is it possible?
>
> Thanks!
>
> Chris

iked(8) listens on all addresses. It binds on 0.0.0.0:500 and receives
all IKE messages that arrive, unless there's an isakmpd(8) running on the
same address. Thus there's no need to specify an additional address,
because it's already listening on all addresses.

If you want to use a specific address for a policy, you can use the
"local" keyword to specify it. This is part of the policy, not a global
option. Then iked(8) continues to listen on 0.0.0.0:500, but the policy
will only match if the IP address matches the one specified as "local".

Patrick
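
An iked.conf policy pinned to the alias address from the question, as an added example that is not part of the original thread. The policy name, the two networks, the peer address and the PSK are constructed placeholders; only 1.2.3.7 comes from the message above.

```conf
# /etc/iked.conf (constructed example)
#
# iked(8) still binds 0.0.0.0:500. The "local" keyword does not change
# the listening socket; it only restricts this policy to IKE messages
# addressed to the alias 1.2.3.7.
ikev2 "alias-tunnel" passive esp \
	from 10.0.1.0/24 to 10.0.2.0/24 \
	local 1.2.3.7 peer 203.0.113.20 \
	psk "REPLACE-WITH-LONG-RANDOM-SECRET"
```

`iked -n -f /etc/iked.conf` checks the file for validity without starting the daemon.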