> Note that this doesn't clear old config, so you can't use it to tear
> down sessions that you no longer want - you can paste the relevant
> config lines to "ipsecctl -df -" to delete them though.

As an added note for ipsecctl -df, you can break all your peers into their own files and include them from the main ipsec.conf. Then you can "ipsecctl -df /etc/ipsec/peer.conf"... When you have several dozen peers, it makes troubleshooting individual ones a bit easier.

--
James Shupe
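
A per-peer teardown-and-reload helper built on the one-file-per-peer layout described above. This is an added example, not part of the original message; the `/etc/ipsec/<peer>.conf` naming, the `bounce_peer` function, and the assumption that each peer file parses on its own (no macros from the main file) are illustrative.

```shell
#!/bin/sh
# Added example: tear down and reload the rules for one peer whose
# config lives in its own file. Assumed layout: /etc/ipsec/<peer>.conf,
# each pulled into /etc/ipsec.conf with an include line.

IPSECCTL=${IPSECCTL:-ipsecctl}      # overridable so the logic can be dry-run
PEER_DIR=${PEER_DIR:-/etc/ipsec}    # assumed directory for per-peer files

bounce_peer() {
    peer=$1
    # Accept plain names only, so the argument cannot escape PEER_DIR.
    case $peer in
        ''|.*|*[!A-Za-z0-9_.-]*)
            echo "bad peer name: $peer" >&2
            return 2
            ;;
    esac
    conf=$PEER_DIR/$peer.conf
    [ -f "$conf" ] || { echo "no such peer file: $conf" >&2; return 2; }

    # -n parses without loading: refuse to touch live state on a syntax error.
    "$IPSECCTL" -nf "$conf" || return 1
    # -d deletes exactly the rules found in this file; other peers stay up.
    "$IPSECCTL" -df "$conf" || return 1
    # Load the same file again to re-establish only this peer.
    "$IPSECCTL" -f "$conf"
}
```

Run the delete step before editing a peer file: `-d` removes the rules as currently written in the file, so lines changed beforehand no longer match what is loaded.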

