Ingo Oeser wrote:
Patrick McHardy wrote:
When moving around with my notebook I got annoyed by having
to change the IPsec policies whenever I get a new address.
This patch handles a tunnel source of 0.0.0.0 as special case
and using routing to get the real source address for the
acquire message. I've tested with racoon and it works fine.
Any objections to this?
If this is fully equivalent to the racoon patch, I would like to have
this patch in kernel 2.6.16.
Rationale: Running with a custom kernel is quite normal these days.
Running custom userspace tools is a maintainence nightmare.
Getting certain distributions to update these kind of tools to get a
usable version is close to impossible.
That shouldn't be the deciding reason. although its certainly true.
The advantage of doing this in the kernel is that it hopefully works
transparently with any keying daemon, but as the racoon patch shows,
its quite easy to do this in userspace. I'm fine either way, so
someone else please decide :)
-
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to [EMAIL PROTECTED]
More majordomo info at http://vger.kernel.org/majordomo-info.html
