I am setting up FreeS/WAN IPSec tunnels between two sites that both have dynamic IPs.
I can get both sites to do a dynamic DNS update (both forward and reverse) to a DNS server with a static IP before I need the tunnels to come up.

At the left end, basically the listening end, I have no problems because I use:

    keyingretries=1
    left=%defaultroute
    leftrsasigkey=%dns
    [EMAIL PROTECTED]
    right=%any
    rightrsasigkey=%dns
    [EMAIL PROTECTED]
    auto=add

At the right end, the sending end, I use what is essentially a Road Warrior setting:

    keyingretries=0
    leftrsasigkey=%dns
    [EMAIL PROTECTED]
    right=%defaultroute
    rightrsasigkey=%dns
    [EMAIL PROTECTED]
    auto=start

What I would like to put here is:

    left=%dns

It makes sense to me that that should work, after all it uses the DNS to get the KEY record so why not the A record, but it is not valid.

I was wondering if opportunistic keying might be the answer, but apart from having difficulty understanding it, I am not sure if it is what I want anyway.

Any ideas?

--
Howard.
LANNet Computing Associates - Your Linux people
Contact detail at http://www.lannetlinux.com
"We are either doing something, or we are not. 'Talking about' is a subset of 'not'."
--
SLUG - Sydney Linux User Group Mailing List - http://slug.org.au/
More Info: http://lists.slug.org.au/listinfo/slug
