> Since I am using this in a dynamic environment it is necessary for
> me to add policies manually.

While a traffic selector based on the triggering packet is also sent to the peer, this might not work that well. The daemon does not learn the policies you install manually, so you probably still have to load them using left|rightsubnet in auto=route configs. But you can add/remove configs dynamically and use `ipsec update` to notify the daemon (this also works with installpolicy=yes, of course - and similarly via VICI).

> So variables such as 'keylifetime' need to be added for each conn. I
> assumed there may be a way to define some parameters such as 'rekey'
> margin for all connections.

No, that has to be added for all connections (it's actually the same for ipsec.conf, there the parser just "adds" the options in %default to all other conn sections - the daemon always sees the complete config).

Regards,
Tobias
