I will add a feature for it to automatically talk to the 2nd firewall
and for it to tell the 2nd to reload its ipsec configuration. This
will solve all these problems.

Only stipulation is that both endpoints will need to be pfSense, but
that's not really something I'm concerned with as you should only be
using pfSense :P

Scott

On 11/23/05, Chris Buechler <[EMAIL PROTECTED]> wrote:
> Angelo Turetta wrote:
>
> >Yes, fine. And who's gonna tell your tunnel partner your address has
> >changed and their SPD must be changed? Do you have a protocol for doing
> >that in a standard way? What if you have a Cisco router on the other side?
>
> it will be the same regardless of what you have on the other side (and
> I'm not sure if this will actually work as it should).  dhclient exit
> script will only update the end where the IP changed, not the remote end
> where the IP has not changed, no matter what is running on the remote end.
>
> what should happen at that point is the dead peer detection in
> ipsec-tools (or whatever other compliant device is on the other side)
> should do its thing and recognize the remote side's IP has changed.  the
> re-resolving DNS names is only part of the solution.
>
> I'm not familiar enough with ipsec-tools to know anything further, and
> can't say that I've tested this much.