2011/1/10, Christoph Leser <le...@sup-logistik.de>: > > I would like to ask: > > 1. Is it true, that isakmpd is supposed to accept any ID parameter of > type IPV4_ADDR_SUBNET ) in quick mode and set up a corresponing route, > even when it is the 'default' route?
Yes, some people want all their traffic through encrypted tunnel. I used to bring IPv6 to places where people were ignoring it -- exactly this way. You might want to specify it in your policy file, like: remote_filter != "000.000.000.000-255.255.255.255" or remote_filter_type != "IPv4 subnet" > 2. What would I have to change to only accept those remote network Ids > that are configured in ipsec.conf? The above, or more specific. Sorry for the previous empty reply, I'll finally try to learn how to use an email client. -- Martin Pelikan
