> Both sides are intending to "start" the connection.... only one can
> "start" the connection, the other side(s) must "add".

Actually, this is quite legal, and how I have most of my VPNs set up (the exceptions are the connections where one end has a dynamic IP...you can't start these from the end that doesn't know both IPs!). Typically, I'll set keying retries to a small number on the "more stable" box (i.e. the Office VPN gateway) so if for any reason it reboots it will restore the connections, but won't keep trying forever (in case one of the home firewalls is off-line), while I set the home-based systems' retries to "0", so they'll keep trying to establish a connection as long as they're on-line.

Charles Steinkuehler
http://lrp.steinkuehler.net
http://c0wz.steinkuehler.net (lrp.c0wz.com mirror)