Mikolaj Kucharski wrote:
Another scenario. When all VPNs are up and stable (traffic is low) and one of the clients is rebooted, at boot time when ipsecctl -f /etc/ipsec.conf is executed its tunnel is set up and _all_ other tunnels are immediately dropped.
Am I right to assume that only those tunnels from behind the same NAT device are dropped?
There was what I consider a bug in isakmpd that only looked at IP pairs when matching packets to existing SAs. So any new connection from the same IP would break the existing ones. I don't know if it's actually fixed.
See http://kerneltrap.org/index.php?q=mailarchive/openbsd-misc/2008/2/3/704644
krgds /markus