On 25.07.2014 19:42, James Shupe wrote:
Note that this doesn't clear old config, so you can't use it to tear
down sessions that you no longer want - you can paste the relevant
config lines to "ipsecctl -df -" to delete them though.
As an added note for ipsecctl -df, you can break all your peers into
their own files and include them from the main ipsec.conf. Then you can
"ipsecctl -df /etc/ipsec/peer.conf"...
When you have several dozen peers, it makes troubleshooting individual
ones a bit easier.
There is a good article about isakmpd/ipsec on undeadly:
http://undeadly.org/cgi?action=article&sid=20131125041429
