Hi:

It seems that the reqid attribute doesn't play nicely with nested connections (e.g., you have an ESP tunnel to your default gateway and all traffic must flow through that tunnel).

With normal connections, reqid selects the correct SAs for each IPsec connection/policy. However, when we have nested connections, a policy may consist of multiple layers of IPsec connections. This means that we're forced to use the same reqid when two nested connections share the same base connection, which renders it useless for the purpose of selecting SAs.

Is there an obvious solution that I'm missing?

--
Debian GNU/Linux 3.0 is out! ( http://www.debian.org/ )
Email: Herbert Xu 许志壬 <herbert@gondor.apana.org.au>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt