CVSROOT:        /cvs
Module name:    src
Changes by:     bl...@cvs.openbsd.org   2009/01/30 07:24:52

Modified files:
        sbin/ipsecctl  : parse.y 
        regress/sbin/ipsecctl: Makefile 
Added files:
        regress/sbin/ipsecctl: ikefail14.in ikefail14.ok 

Log message:
If the "peer" address is not specified or derived from "to" for
"ike" rules in ipsec.conf, the default peer is used.  In theory
ipsecctl -f ipsec.conf can configure the default peer for each "ike"
entry.  As isakmpd only supports one default peer, the last "ike"
rule that uses a default peer wins.  This configuration is then
significant for all "ike" rules that use the default peer.

Now a warning is printed if a later rule in ipsec.conf changes the
configuration of the original default peer.  This should be an error
but that would break existing user configs.  So only a warning is
printed.

ok hshoexer@, todd@
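
A way to audit an ipsec.conf for the situation this log message describes, written as an added example; it is not ipsecctl's parse.y code, and all function names are hypothetical. Assumptions: a rule uses the default peer when it has no "peer" (or "peer any") and its "to" is "any" or a network, and the main/aggressive, srcid, dstid and psk parts are treated as the per-peer configuration.

```python
import ipaddress
import shlex

# Constructed sample ipsec.conf; addresses and secrets are placeholders.
SAMPLE = """\
ike esp from 10.1.0.0/16 to 10.2.0.0/16 \\
    main auth hmac-sha1 enc aes group modp1024 psk "constructed-A"
ike esp from 10.1.0.0/16 to 192.0.2.7 psk "constructed-host"
ike esp from 10.1.0.0/16 to 10.3.0.0/16 peer 198.51.100.9 psk "constructed-B"
ike esp from 10.1.0.0/16 to 10.4.0.0/16 \\
    main auth hmac-sha2-256 enc aes group modp2048 psk "constructed-C"
"""

SECTION = {"main", "aggressive", "quick", "srcid", "dstid", "psk", "tag"}
PER_PEER = {"main", "aggressive", "srcid", "dstid", "psk"}  # assumed per-peer

def uses_default_peer(tokens):
    """True if no peer is given and none can be derived from a host 'to'."""
    if "peer" in tokens:
        return tokens[tokens.index("peer") + 1] == "any"
    dst = tokens[tokens.index("to") + 1]
    if dst == "any":
        return True
    if "/" in dst:  # a prefix wider than one host gives no peer address
        return ipaddress.ip_network(dst, strict=False).num_addresses > 1
    return False

def peer_settings(tokens):
    """Collect the tokens following each section keyword, per-peer ones only."""
    settings, key = {}, None
    for tok in tokens:
        if tok in SECTION:
            key = tok
            settings[key] = []
        elif key:
            settings[key].append(tok)
    return {k: tuple(v) for k, v in settings.items() if k in PER_PEER}

def default_peer_conflicts(text):
    """Return (first_rule, later_rule, differing_keys), numbered by logical line."""
    first, conflicts = None, []
    for n, line in enumerate(text.replace("\\\n", " ").splitlines(), 1):
        tokens = shlex.split(line, comments=True)
        if not tokens or tokens[0] != "ike" or not uses_default_peer(tokens):
            continue
        cur = peer_settings(tokens)
        if first is None:
            first = (n, cur)
        elif cur != first[1]:
            diff = sorted(k for k in PER_PEER if cur.get(k) != first[1].get(k))
            conflicts.append((first[0], n, diff))
    return conflicts
```

Rules flagged this way can be made unambiguous by giving each one an explicit "peer".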
