I thought they were not supported by ASL in ver 4 but I could be wrong. Have not tried it as yet, waiting on pricing so I can get some more boxes up to test with!
The FreeS/Wan version in V4 supports FQDN in ipsec.conf for the remote endpoint but ASL doesn't yet have a way to specify this. I tried hacking it but it was overwritten when I enabled the tunnel. I didn't look further where it might be set.
It could be an option for IPSEC tunnels or even in the Network Definitions. Allowing FQDN in Definitions could make it handy for other rules. The FQDN would need to be re-evaluated each time it is called. Similar to how the interfaces are stored?
Try to edit ipsec.conf-default. This is the template which overwrites ipsec.conf!
I saw that and thought it only contained the global defaults. I suppose it could also hold connections you didn't want ASL to alter. Good idea, for now. Thanks.