Heya On Thu, Apr 14, 2011 at 8:05 AM, Matt S <maschwa...@yahoo.com> wrote:
> ________________________________ > You might consider a creative solution with Dead Peer Detection. Per > ipsec.conf(4), you enable Dead Peer Detection by using an ike dynamic > statement. > > > One thing that came to mind for manual configuration is an authpf shell or equivalent... On connection by that shell account, manually bring up the IPSEC connection, on disconnect bring it down. That way you have the internal server wanting to communicate have some control over when the VPN is active. But yes, the focus does seem to be on how you can automate an otherwise currently manual function. Shane
