On 12/10/06, Hans-Joerg Hoexer <[EMAIL PROTECTED]> wrote:
> On Thu, Oct 12, 2006 at 10:07:27AM +0200, viq wrote:
> >...
> > Now, there are two caveats to this I didn't yet figure out how to solve.
> > 1) VPN-B must be able to resolve vpn-b.my.domain to the address of
> > its egress interface, otherwise the traffic won't get encapsulated.
> > Right now I was doing that by editing /etc/hosts by hand, but there
> > must be a better way... (hmm, by dhclient-script? Or maybe is there a
> > way to reference "self" in ipsec.conf?)
>
> use the "egress" interface group name:
>
> ike dynamic esp from egress to any peer vpn-a.my.domain srcid ...

Oh, indeed, mentioned in man page that you can use interface groups...
Way awesome! Thank you! :)
--
viq