Subject: Re: ipsec_set_policy(3) syntax for multiple tunnel endpoints
To: None <>
From: None <>
List: tech-net
Date: 06/18/2002 11:57:40
>Obviously, this doesn't scale well. It would be nice
>just to need two lines like:
>spdadd DLNET any -P out ipsec esp/tunnel/R-(=PEER)/require;
>where (=PEER) would evaluate to the actual connection partner from
>DLNET at runtime.

	we don't dynamically generate policy in the kernel.  if you are using
	racoon for IKE, "generate_policy" directive may suit you needs.