> Christopher M. Iarocci wrote:
>
> > Thank you for the solution to the problem. Now to get Manuel to
> > implement it. :-) I'm forwarding this on to him also in the hopes he
> > can find it in his heart to include this in the next release. :-)
>
> Sure, no problem, but can you confirm this: all that is really required
> is changing "required" to "unique" in the spdadd command? No side
> effects, no nothing (I'm too lazy to check at the moment - too much
> going on ;)? It sure doesn't sound like it should cause problems,
> though... The way it is now you have one SA per policy only anyway.
>
> - Manuel

All I can say is that it works on our firewall without any apparent side effects. The firewall is FreeBSD 4.8-something and it is using racoon for IKE. It has six tunnels to our HQs in the US that use the same remote gateway (those tunnels were the problem before I tested "unique") and one to a m0n0wall.

As far as I can tell from the documentation "unique" should be ok, but you might want to ask someone who actually knows. :)

(As far as I can tell it might even be possible to always use "unique" instead of "required". But all examples I have ever seen use "required"...)

I'll let you know what happens with my modified m0n0wall. (I'm not even sure it boots yet.)

Best Regards,
Ola