On Wed, Dec 11, 2013 at 09:41:30AM +0000, Some Developer wrote:
> The problem is that many of my peers have dynamic IP addresses and
> therefore won't know their IP address ahead of time and they also do
> not have control over their host name either (or won't know what it
> is).

Use FQDNs instead. The FQDN in the certificate doesn't have to match the host's FQDN, just use srcid and/or dstid on ipsec.conf.

Cheers
Zé

