Hi,
this is intentional because I use this configuration file only to change some default settings by adding: conn %default and sometimes using the setup section. That doesn't work when it is at the bottom.
Which config file exactly do you use? It sounds like you are using "ipsec.user.conf", but I see "conn %default" in "ipsec.conf".
Perhaps we can simply have two includes? One at the top and one at the bottom?
Depending on what ever you want to do: Isn't it better to integrate that configuration into the CGI script?
A co-worker has setup IPsec so I am not deeply familiar why he choosed to configure it like he did. Afaik, he was following the wiki, but I also know that this didnĀ“t went smoothly and he had to correct things with help of the forum. That being said, at the moment IPFire creates the entries in "ipsec.conf" and we add the following stuff to "ipsec.user.conf":
conn jdoepc leftsubnet=0.0.0.0/0 leftallowany=yes rightsubnet=192.168.110.0/24 rightsourceip=192.168.110.118 rekey=no
Is there a better way to do this? We need "rekey=no" for the connection to be stable with Win7 (more on that in a later post).
Lars