Provide a description for the dirty hack to not come back scratching.... on it

1 files changed, 5 insertions, 0 deletions

diff --git a/etc/inc/vpn.inc b/etc/inc/vpn.inc
index c4b8670..0138c03 100644
--- a/etc/inc/vpn.inc
+++ b/etc/inc/vpn.inc
@@ -1080,6 +1080,11 @@ EOD;
 						if (!empty($reqids[$idx]))
 							$ipsecfin .= "\treqid = " . $reqids[$idx] . "\n";
 						$ipsecfin .= $ipsecconnect;
+						/*
+						 * This is for making strongswan consider the various similar
+						 * connection profiles as different and forces it to create
+						 * separate IKE SAs for each subnet from P2
+						 */
 						$ipsecfin .= "\tkeyingtries = {$keyingtries}\n";
 						$keyingtries++;
 						$ipsecfin .= "\trightsubnet = {$rsubnet}\n";