On Sun, Oct 15, 2023 at 04:56:17PM -0000, Stuart Henderson wrote: >On 2023-10-15, rea...@catastrophe.net <rea...@catastrophe.net> wrote: >> What is a better way to configure iked on site-obsd so that it does not >> encapsulate local traffic on the 10.89.2.0/24 network? Obviously my >> understanding is incorrect, so any help is appreciated. > >You should be able to add a bypass flow in ipsec.conf, and set ipsec=YES >but *not* isakmpd_flags in rc.conf.local. > >To load manually without rebooting, ipsecctl -f /etc/ipsec.conf
Ah, well...I'm using iked. I'll see if there is something similar.
