On Thu, Oct 12, 2006 at 10:07:27AM +0200, viq wrote:
>...
> Now, there are two caveats to this I didn't yet figure out how to solve.
> 1) VPN-B must be able to resolve vpn-b.my.domain to the address of
> its egress interface, otherwise the traffic won't get encapsulated.
> Right now I was doing that by editing /etc/hosts by hand, but there
> must be a better way... (hmm, by dhclient-script? Or maybe is there a
> way to reference "self" in ipsec.conf?)
Use the "egress" interface group name:
ike dynamic esp from egress to any peer vpn-a.my.domain srcid ...