[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

ipsec.conf - specifying peer as a fqdn, possible?

To: misc_(_at_)_openbsd_(_dot_)_org
Subject: ipsec.conf - specifying peer as a fqdn, possible?
From: "Jean Raby" <raby_(_dot_)_jean_(_at_)_gmail_(_dot_)_com>
Date: Tue, 4 Apr 2006 22:54:54 -0400

Hello,

i've been testing some vpn configurations with ipsecctl - ipsec.conf
on 3.9-CURRENT (i386), a snapshot from March 30 2006.

Is there a way to specify the "peer" as a fqdn in a ike esp  rule?
something like:

ike dynamic esp from 10.150.150.2 to 192.168.1.0/24 peer vpn.example.com

(dstid should probably be added)

when using this, i get the following error:
# ipsecctl -vnf ipsec.conf
no IP address found for vpn.example.com

I know the man page quite clearly says that all addresses in such a rule
have to be specified in  CIDR notation,  but using a fqdn for the peer
could be useful
for setups in which the endpoint has a dynamic ip and uses something
like dyndns
to have a fqdn pointing at the right ip.

Did I miss something obvious, or there are legitimate reasons for
making this stuff ip addresses only?

Thanks


Jean

Prev by Date: Re: When would you NOT use OpenBSD?
Next by Date: Re: When would you NOT use OpenBSD?
Previous by thread: Cross compiling 3.8-stable on i386 for mac68k
Next by thread: Re: Bluetooth in OpenBSD
Index(es):
- Date
- Thread

Visit your host, monkey.org