Hello, i've been testing some vpn configurations with ipsecctl - ipsec.conf on 3.9-CURRENT (i386), a snapshot from March 30 2006.
Is there a way to specify the "peer" as a fqdn in a ike esp rule? something like: ike dynamic esp from 10.150.150.2 to 192.168.1.0/24 peer vpn.example.com (dstid should probably be added) when using this, i get the following error: # ipsecctl -vnf ipsec.conf no IP address found for vpn.example.com I know the man page quite clearly says that all addresses in such a rule have to be specified in CIDR notation, but using a fqdn for the peer could be useful for setups in which the endpoint has a dynamic ip and uses something like dyndns to have a fqdn pointing at the right ip. Did I miss something obvious, or there are legitimate reasons for making this stuff ip addresses only? Thanks Jean