Yeah I thought that this was going in some of these directions where you want to add really bad configuration directives like rekey=no. We will discuss that in the other thread on this list though...
I generally oppose having too many "hidden" include files that can be used to overwrite the basic configuration. They often give us a headache when we touch things because eventually we will break some of those manual settings. We keep telling ourselves that this is fine because we never said that we supported them any way. But that is not really a valid point.
The better option should be to not need those files.
-Michael
On Tue, 2015-05-19 at 17:28 +0200, Larsen wrote:
Just stumbled across this in vpnmain.cgi: "/etc/ipsec.user-post.conf"
When this file exists, it will be included. So apparently, we were using the wrong file (or the documentation is missing that - I don´t know where my co-worker got it from).
Lars
On Tue, 19 May 2015 17:07:41 +0200, Heribert Schorn Schorn@t-online.de wrote:
Hi,
I agree withe Larsen suggestions to have the include als at the bottom. With the include stetment on the top the seteetings of ipsec.user.conf are overwritten and the connection e.g. to IOS or Android will not work following the proposal in the wiki or the forum.
regards Heribert