Ad Schellevis

if/when `if_ipsec(4)` supports the endpoints to be changed without recreating the interface, we might reconsider putting time in this, but until that time, this isn't a priority as it will...

You can keep using the legacy tunnels, maybe eventually we think of something that is sustainable or an upstream change will offer the possibility to change `if_ipsec(4)` addressing on the...

This https://github.com/opnsense/core/commit/816ecae2c5be3c3e9efa22aa653be19d32afc419 should do the trick, but now I'm looking for people to try it out.

@joni1993 thanks for testing. I'll leave this here for a little while, maybe someone else want to try it as well. Merging should be relatively safe as setups with local/remote...

nobody else interested in this? that's surprising....

`opnsense-patch 816ecae` ?

@joni1993 when the old type works, it's unlikely related to this change as both are being setup quite similar, on my end a statically configure vti looks normal after an...

@joni1993 what does the `reqid_events.conf` looks like on your end? it's unlikely there are VTI sections in the configuration when properly configured with static addresses https://github.com/opnsense/core/blob/b27881c4361a21959a66283789f875c813bbd8d1/src/opnsense/service/templates/OPNsense/IPsec/reqid_events.conf#L21 Without sections starting with...

@joni1993 you mentioned your setup worked before this change, dynamic addresses weren't supported before 21.1.4 for the new connections.

if the log contains the event being processed in : https://github.com/opnsense/core/blob/b27881c4361a21959a66283789f875c813bbd8d1/src/opnsense/scripts/ipsec/updown_event.py#L55 we can add some additional logging to help local debugging, in that case just open a new ticket to...