On Sep 15, 2009, at 8:33 AM, David Kerr wrote:

> On Tue, Sep 15, 2009 at 9:10 AM, Lonnie Abelbeck <li...@lonnie.abelbeck.com> wrote:
>
> > On Sep 14, 2009, at 10:17 PM, Tom Mazzotta wrote:
> >
> > > 3. Regarding the addressing, astlinux led me to believe that it
> > > supported a dynamic end-point because the default value in the
> > > local-host ip field is $EXTIP. Is this a legit value, or should I
> > > change it to the actual IP used by the WAN i/f, even if it might
> > > change in the future? Is it possible that a future version might
> > > support at least one dynamic endpoint?
> >
> > If you are using DHCP for the external interface, then you can't use
> > $EXTIP as the local-host value, instead use the actual IP address. (or
> > 0.0.0.0 wildcard)
>
> Would it be possible to use a URL and DNS lookup? For example
> xxxx.dyndns.org that is registered and kept up-to-date with inadyn?
>
> David

No, not with IPsec using 'main' mode, the actual IP address is a part of the security policy.

Using certificates is a solution, but trunk/0.7 does not support that.

Also a FQDN 'could' be used as an identity, but that requires the use of 'aggressive' mode which has security issues, so we chose not to support that.

Lonnie