If the "peer" address is not specified or derived from "to" for

"ike" rules in ipsec.conf, the default peer is used.  In theory
ipsecctl -f ipsec.conf can configure the default peer for each "ike"
entry.  As isakmpd only supports one default peer, the last "ike"
rule that uses a default peer wins.  This configuration is then
significant for all "ike" rules that use the default peer.

Now a warning is printed if a later rule in ipsec.conf changes the
configuration of the original default peer.  This should be an error
but that would break existing user configs.  So only a warning is
printed.

ok hshoexer@, todd@

1 files changed, 2 insertions, 2 deletions

diff --git a/regress/sbin/ipsecctl/Makefile b/regress/sbin/ipsecctl/Makefile
index b860c2ee0d2..963e4d19649 100644
--- a/regress/sbin/ipsecctl/Makefile
+++ b/regress/sbin/ipsecctl/Makefile
@@ -1,4 +1,4 @@
-# $OpenBSD: Makefile,v 1.55 2009/01/29 10:08:13 bluhm Exp $
+# $OpenBSD: Makefile,v 1.56 2009/01/30 14:24:52 bluhm Exp $
 
 # you can update the *.ok files with: make -i | patch
 # TARGETS
@@ -15,7 +15,7 @@ TCPMD5TESTS=1 2 3
 SATESTS=1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24
 SAFAIL=1 2
 IPSECFAIL=1 2 3
-IKEFAIL=1 3 4 5 6 8 9 11 12 13
+IKEFAIL=1 3 4 5 6 8 9 11 12 13 14
 IKETESTS=1 2 3 4 5 6 7 8 9 10 11 12 13 14 15
 IKETESTS+=16 17 18 19 20 21 22 23
 IKETESTS+=29 30 31 32 33 34 35 36 37 38 39 40