On 2023-10-16, rea...@catastrophe.net <rea...@catastrophe.net> wrote:
> On Sun, Oct 15, 2023 at 04:56:17PM -0000, Stuart Henderson wrote:
>>On 2023-10-15, rea...@catastrophe.net <rea...@catastrophe.net> wrote:
>>> What is a better way to configure iked on site-obsd so that it does not
>>> encapsulate local traffic on the 10.89.2.0/24 network? Obviously my
>>> understanding is incorrect, so any help is appreciated.
>>
>>You should be able to add a bypass flow in ipsec.conf, and set ipsec=YES
>>but *not* isakmpd_flags in rc.conf.local.
>>
>>To load manually without rebooting, ipsecctl -f /etc/ipsec.conf
>
> Ah, well...I'm using iked. I'll see if there is something similar.

While ipsecctl is normally used to signal isakmpd, it can also be used to install flows manually, and that is what you want to do in this case.
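
A sketch of the bypass flow discussed in this thread, added here as an example and not taken from either poster's configuration. It assumes the traffic to exempt has both endpoints inside 10.89.2.0/24, the subnet named in the question.

```conf
# /etc/ipsec.conf
# Assumption: source and destination are both on the local 10.89.2.0/24 network.
# A flow of type bypass exempts matching packets from IPsec processing,
# so they are not encapsulated by the flows iked installs.
flow esp from 10.89.2.0/24 to 10.89.2.0/24 type bypass

# /etc/rc.conf.local: load ipsec.conf at boot, leaving isakmpd_flags unset
#   ipsec=YES

# Syntax check without loading:   ipsecctl -n -f /etc/ipsec.conf
# Load without rebooting:         ipsecctl -f /etc/ipsec.conf
# List the flows now installed:   ipsecctl -s flow
```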