[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

ipsec.conf - specifying peer as a fqdn, possible?


i've been testing some vpn configurations with ipsecctl - ipsec.conf
on 3.9-CURRENT (i386), a snapshot from March 30 2006.

Is there a way to specify the "peer" as a fqdn in a ike esp  rule?
something like:

ike dynamic esp from to peer vpn.example.com

(dstid should probably be added)

when using this, i get the following error:
# ipsecctl -vnf ipsec.conf
no IP address found for vpn.example.com

I know the man page quite clearly says that all addresses in such a rule
have to be specified in  CIDR notation,  but using a fqdn for the peer
could be useful
for setups in which the endpoint has a dynamic ip and uses something
like dyndns
to have a fqdn pointing at the right ip.

Did I miss something obvious, or there are legitimate reasons for
making this stuff ip addresses only?



Visit your host, monkey.org