Re: AW: IPsec: Include ipsec.user.conf at the bottom

[Michael Tremer <michael.tremer@ipfire.org>]

[-- Attachment #1: Type: text/plain, Size: 1386 bytes --]

Yeah I thought that this was going in some of these directions where you
want to add really bad configuration directives like rekey=no. We will
discuss that in the other thread on this list though...

I generally oppose having too many "hidden" include files that can be
used to overwrite the basic configuration. They often give us a headache
when we touch things because eventually we will break some of those
manual settings. We keep telling ourselves that this is fine because we
never said that we supported them any way. But that is not really a
valid point.

The better option should be to not need those files.

-Michael

On Tue, 2015-05-19 at 17:28 +0200, Larsen wrote:
> Just stumbled across this in vpnmain.cgi:
>      "/etc/ipsec.user-post.conf"
> 
> When this file exists, it will be included. So apparently, we were using  
> the wrong file (or the documentation is missing that - I don´t know where  
> my co-worker got it from).
> 
> 
> Lars
> 
> 
> 
> On Tue, 19 May 2015 17:07:41 +0200, Heribert Schorn <Schorn(a)t-online.de>  
> wrote:
> 
> > Hi,
> >
> > I agree withe Larsen suggestions to have the include als at the bottom.  
> > With the include stetment on the top the seteetings of ipsec.user.conf  
> > are overwritten and the connection e.g. to IOS or Android will not work  
> > following the proposal in the wiki or the forum.
> >
> > regards
> > Heribert

[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 819 bytes --]