Hi,
I agree with Larsen's suggestion to have the include also at the bottom. With the include statement at the top, the settings of ipsec.user.conf are overwritten and the connection, e.g. to iOS or Android, will not work following the proposal in the wiki or the forum.
Regards, Heribert



-----Original Message-----
Subject: Re: IPsec: Include ipsec.user.conf at the bottom
Date: Tue, 19 May 2015 16:55:38 +0200
From: Larsen <larsen007@web.de>
To: "Michael Tremer" <michael.tremer@ipfire.org>

Hi,

> this is intentional because I use this configuration file only to change
> some default settings by adding: conn %default and sometimes using the
> setup section. That doesn't work when it is at the bottom.

Which config file exactly do you use?
It sounds like you are using "ipsec.user.conf", but I see "conn %default"
in "ipsec.conf".

Perhaps we can simply have two includes? One at the top and one at the
bottom?


> Depending on what ever you want to do: Isn't it better to integrate that
> configuration into the CGI script?

A co-worker has set up IPsec so I am not deeply familiar why he chose to
configure it like he did. Afaik, he was following the wiki, but I also
know that this didn't go smoothly and he had to correct things with the help
of the forum.
That being said, at the moment IPFire creates the entries in "ipsec.conf"
and we add the following stuff to "ipsec.user.conf":

conn jdoepc
	leftsubnet=0.0.0.0/0
	leftallowany=yes
	rightsubnet=192.168.110.0/24
	rightsourceip=192.168.110.118
	rekey=no

Is there a better way to do this?
We need "rekey=no" for the connection to be stable with Win7 (more on that
in a later post).


Lars