Subject: Re: ipsec_set_policy(3) syntax for multiple tunnel endpoints
To: None <M.Drochner@fz-juelich.de>
From: None <firstname.lastname@example.org>
Date: 06/18/2002 11:57:40
>Obviously, this doesn't scale well. It would be nice
>just to need two lines like:
>spdadd 0.0.0.0/0 DLNET any -P out ipsec esp/tunnel/R-(=PEER)/require;
>where (=PEER) would evaluate to the actual connection partner from
>DLNET at runtime.
we don't dynamically generate policy in the kernel. if you are using
racoon for IKE, "generate_policy" directive may suit your needs.
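
For reference, a racoon.conf fragment showing where the "generate_policy" directive mentioned in the reply sits. This is an added example, not part of the original message; the key file path, algorithms and lifetimes are assumptions chosen for illustration.

```conf
# Constructed example; the path below is a placeholder, not taken from the thread.
path pre_shared_key "/usr/local/etc/racoon/psk.txt";

# "anonymous" matches any peer, so no per-peer remote block (and no
# per-peer spdadd line) is needed for each host in the remote network.
remote anonymous {
	exchange_mode main;
	passive on;            # responder only: never initiate phase 1

	# When no SPD entry matches the initiator's phase 2 proposal,
	# racoon installs one derived from that proposal. The policy is
	# created by the IKE daemon in userland, not by the kernel.
	generate_policy on;

	proposal {
		encryption_algorithm aes;
		hash_algorithm sha1;
		authentication_method pre_shared_key;
		dh_group 2;
		lifetime time 24 hour;
	}
}

# Phase 2 parameters applied to the generated policies.
sainfo anonymous {
	pfs_group 2;
	lifetime time 1 hour;
	encryption_algorithm aes;
	authentication_algorithm hmac_sha1;
	compression_algorithm deflate;
}
```

With generate_policy on, the selectors of the installed policy come from the peer's proposal, so phase 1 authentication is the only gate on which traffic gets a policy; after a negotiation, `setkey -DP` shows what was actually installed.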