Is it possible to enable plugins selectively by connection ? The ones I'm interested in are cisco unity and libipsec.
The reason libipsec is (potentially) interesting is that it creates tun device. If it were possible to force creation of separate tun devices for each connection (at least each connection with a modecfg virtual IP), then I could use a static MASQUERADE rule on that interface rather than a SNAT rule dynamicaly added when the connection comes up, and lost if the firewall (shorewall) is restarted, bringing down the connection until the connection is also restarted.. _______________________________________________ Users mailing list [email protected] https://lists.strongswan.org/mailman/listinfo/users
