[Swan-dev] more examples of weird options

Paul Wouters paul at nohats.ca
Thu Oct 30 19:33:45 EET 2014


example #1:

 	conn foo
 		rekey=no
 		auto=add

admin runs: ipsec auto --up foo

This connection will die when the lifetime is reached. That might not be
obvious to the admin.

example #2:

 	conn foo
 		rekey=no
 		auto=start

This connection will work for 1h when you boot the machine, then die.

example #3:

 	conn foo
 		rekey=no
 		dpdaction=restart

This actually turns into a warning and gets changed to dpdaction=hold.

example #4:

 	conn foo
 		rekey=yes
 		auto=add

This connection actually does not come up at boot unless the other end
does. (and it doesn't even prevent packet leaks)

example #5:

 	conn foo
 		keyingtries=3
 		rekey=no

What does this even mean? If you run ipsec auto --up it will try and if
failing, will try two more times in the background, then give up forever.


example #6:

 	conn foo
 		keyingtries=0
 		rekey=no

admin runs ipsec auto --up, now it basically retries forever, but if it
comes up will work once and then stop after the one hour and fail.

What does this even mean? If you run ipsec auto --up it will try and if
failing, will try two more times in the background, then give up
forever.


example #7:

 	conn foo
 		dpdaction=hold
 		auto=add
 		keyingtries=0


etc etc. lots of methods to make a connection really inconsistent.

Paul
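
Added example (not part of the original post, and not libreswan's own validation code): a small lint pass that parses ipsec.conf-style conn sections and flags the option combinations from examples #1 to #6. The rule table, function names and sample config are assumptions made for illustration; the finding texts paraphrase the post.

```python
# Added example: a lint pass over ipsec.conf-style text for the option
# combinations described in the post. Messages paraphrase the post.
SAMPLE_CONF = """\
# constructed sample input, not a real deployment
conn foo
    rekey=no
    auto=start

conn bar
    rekey=no
    dpdaction=restart
    keyingtries=3

conn baz
    rekey=yes
    auto=add
"""

# (required options, finding); a value of None means "set to anything".
RULES = [
    ({"rekey": "no", "auto": "add"}, "manual --up only; dies when the lifetime is reached"),
    ({"rekey": "no", "auto": "start"}, "comes up at boot, then dies when the lifetime is reached"),
    ({"rekey": "no", "dpdaction": "restart"}, "warned about and changed to dpdaction=hold"),
    ({"rekey": "yes", "auto": "add"}, "does not come up at boot unless the other end initiates"),
    ({"rekey": "no", "keyingtries": None}, "retries cover bring-up only; nothing renews the connection"),
]

def parse_conns(text):
    """Return {conn name: {option: value}} for every 'conn' section."""
    conns, current = {}, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()
        if not line.strip():
            continue
        if not line[0].isspace():  # section header starts at column 0
            parts = line.split()
            is_conn = len(parts) == 2 and parts[0] == "conn"
            current = conns.setdefault(parts[1], {}) if is_conn else None
        elif current is not None and "=" in line:
            key, value = line.split("=", 1)
            current[key.strip()] = value.strip()
    return conns

def lint(opts):
    """Return the findings whose required options all match this conn."""
    return [msg for need, msg in RULES
            if all(k in opts and v in (None, opts[k]) for k, v in need.items())]

if __name__ == "__main__":
    for name, opts in parse_conns(SAMPLE_CONF).items():
        for finding in lint(opts):
            print(f"conn {name}: {finding}")
```

A conn with rekey=yes and auto=start produces no findings, since the post does not list that combination.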

