Angelo Turetta wrote:
Yes, fine. And who's gonna tell your tunnel partner your address has changed and their SPD must be changed? Do you have a protocol for doing that in a standard way? What if you have a Cisco router on the other side?
it will be the same regardless of what you have on the other side (and I'm not sure if this will actually work as it should). dhclient exit script will only update the end where the IP changed, not the remote end where the IP has not changed, no matter what is running on the remote end. what should happen at that point is the dead peer detection in ipsec-tools (or whatever other compliant device is on the other side) should do its thing and recognize the remote side's IP has changed. the re-resolving DNS names is only part of the solution. I'm not familiar enough with ipsec-tools to know anything further, and can't say that I've tested this much.
--------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
