ipsec.conf - specifying peer as a fqdn, possible?
- To: misc_(_at_)_openbsd_(_dot_)_org
- Subject: ipsec.conf - specifying peer as a fqdn, possible?
- From: "Jean Raby" <raby_(_dot_)_jean_(_at_)_gmail_(_dot_)_com>
- Date: Tue, 4 Apr 2006 22:54:54 -0400
I've been testing some VPN configurations with ipsecctl - ipsec.conf
on 3.9-CURRENT (i386), a snapshot from March 30 2006.
Is there a way to specify the "peer" as an FQDN in an ike esp rule?
ike dynamic esp from 10.150.150.2 to 192.168.1.0/24 peer vpn.example.com
(dstid should probably be added)
When using this, I get the following error:
# ipsecctl -vnf ipsec.conf
no IP address found for vpn.example.com
I know the man page quite clearly says that all addresses in such a rule
have to be specified in CIDR notation, but using an FQDN for the peer
could be useful for setups in which the endpoint has a dynamic IP and uses
something to have an FQDN pointing at the right IP.
Did I miss something obvious, or are there legitimate reasons for
making this stuff IP addresses only?