On Sat, Feb 25, 2006 at 10:29:11AM -0500, Matthew Closson wrote:
> Rather than have isakmpd bring up all tunnels when the daemon starts up,
> is there a way to have it bring up the tunnels on demand? For example.
>
> host_a ----> router_b <------------> router_c <----- host_d
>
> Is there a way to setup isakmpd so that if host_a tries to send a packet
> to host_d, router_b will start IPSEC negotiation with router_c at that
> point, instead of as soon as isakmpd starts?
Why would you want to do that? It's not like keeping a tunnel up will
use any significant amount of resources, while on-demand tunneling will
prove to impose quite a bit of delay.
Joachim
