On Fri, Feb 23, 2007 at 12:09:27AM +0000, Stuart Henderson wrote: > obviously having the same names, the first is overwritten by the second. > > Would I be totally going down the wrong route if I were to change > the hardcoded -default and default- section names in ipsecctl/ike.c > to something based on dstid?
as long as it doesn't then try to use dstid's value for, say: C set [net.100]:Address=net.100 force and then making sure it jived nicely if you actually wanted to do an IPaddr in some other potentially configured peer, that sounds like it would work, so long as the peername at that point was a valid peername for isakmpd. -- jared
