Thanks Philip,
My point is that if $VPN="", then no vpn should start. OpenVPN
currently behaves this way.
I am suggesting IPsec should act the same way, ie in racoon.init
init()
{
if [ "$VPN" -a "$VPN" = "racoon" ]
...bla bla
fi
}
currently this is not the behavior.
Lonnie
On Sep 10, 2008, at 7:43 PM, Philip Prindeville wrote:
> Picking up an offline conversation...
>
> We currently have the "$VPN" variable in /etc/rc.conf just as we do
> for
> the firewall selection...
>
> Not sure that it's appropriate in the former case. With a firewall,
> you
> really only need 0 or 1.
>
> But with VPN, you can have mix & match of both VPN-over-IPsec and
> VPN-over-SSL (and conceivably VPN-over-L2TP and VPN-over-PPTP and
> VPN-over-carrier pigeons and ...) ... well, basically as many
> instances
> and varieties of VPN as are useful to support all the peering
> combinations that users might have.
>
> Lonnie thinks that setting VPN to "ipsec", "openvpn", or "" simplifies
> management.
>
> I think this is an unnecessary constraint on how VPN gets used, and we
> should try to make it as flexible as reasonable.
>
> Anyone else want to contribute their thoughts?
>
> Thanks,
>
> -Philip
>
> Philip Prindeville wrote:
>> I'll look into it.
>>
>> -Philip
>>
>>
>> Justin Coffi wrote:
>>
>>> I got a nasty error using the built in racoon config in rc.conf
>>> using
>>> the astlinux-0.6-1934-via.tar.gz image.
>>>
>>> 09-10-2008 19:50:06 Daemon.Info 192.168.XX.XX racoon:
>>> ERROR: /tmp/etc/racoon.conf:8: "sec" NAT-T support not compiled in.
>>>
>>>
>>>
>>> Philip Prindeville wrote:
>>>
>>>> Not even necessary.
>>>>
>>>> You can run racoon with an alternate config file, as:
>>>>
>>>> racoon -f /etc/racoon2.conf
>>>>
>>>> for instance.
>>>>
>>>>
>>>> Justin Coffi wrote:
>>>>
>>>>
>>>>> I'd like to use racoon as a client (as in Client <---> Server)
>>>>> in VPN
>>>>> connections. Can I, in theory, just remove the link to it in /
>>>>> etc/ and
>>>>> replace it with a real racoon.conf file located at /mnt/kd/
>>>>> racoon.conf ?
>>>>>
>>>>>
>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>
>>>>
>
>
> -------------------------------------------------------------------------
> This SF.Net email is sponsored by the Moblin Your Move Developer's
> challenge
> Build the coolest Linux based applications with Moblin SDK & win
> great prizes
> Grand prize is a trip for two to an Open Source event anywhere in
> the world
> http://moblin-contest.org/redirect.php?banner_id=100&url=/
> _______________________________________________
> Astlinux-users mailing list
> [email protected]
> https://lists.sourceforge.net/lists/listinfo/astlinux-users
>
> Donations to support AstLinux are graciously accepted via PayPal to [EMAIL
> PROTECTED]
> .
>
-------------------------------------------------------------------------
This SF.Net email is sponsored by the Moblin Your Move Developer's challenge
Build the coolest Linux based applications with Moblin SDK & win great prizes
Grand prize is a trip for two to an Open Source event anywhere in the world
http://moblin-contest.org/redirect.php?banner_id=100&url=/
_______________________________________________
Astlinux-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/astlinux-users
Donations to support AstLinux are graciously accepted via PayPal to [EMAIL
PROTECTED]
