Hi Paul,
Do you know when this feature was added? It does not appear to be in
3.23-5.el7_5. I am getting:
[root@ad-dc-server ~]# ipsec auto --replace nick-ikev2
002 "nick-ikev2": deleting non-instance connection
000 failed to convert '@howitts.co.uk' at load time: illegal
(non-DNS-name) character in name
002 added connection description "nick-ikev2"
Thanks
Nick
On 25/01/2019 08:20, Nick Howitt wrote:
On 25/01/2019 03:23, Paul Wouters
wrote:
On Thu, 24 Jan 2019, Nick Howitt wrote:
It changes things slightly. If you are on dynamic IP but
your machine
does have its DNS name updated when its IP address changes,
then you
can use right=@DNSNAME and left=@DNSNAME and when the
connection fails
(eg you enable DPD) then the DNS name will be looked up
fresh. So in
that case, both ends can have auto=start and you can run
ipsec auto --up
but you will not be using "%any" in that case.
Hi Paul,
This is good news to me (@DNSNAME), but where is this usage of
left/right documented? I don't see it in man ipsec.conf.
I've added a note to the "left" section of the man page. Thanks
for
pointing out this information was missing.
Thanks. Presumably that is in your dev branch? I had a look on the
website and it has not changed yet.
O/T
While there, I noticed the button linking to the source tarball on
https://libreswan.org/man/ pointed to
https://download.libreswan.org/libreswan-3.23.tar.gz
whereas the one on https://libreswan.org/
points to https://download.libreswan.org/libreswan-3.27.tar.gz
Nick
|
_______________________________________________
Swan mailing list
[email protected]
https://lists.libreswan.org/mailman/listinfo/swan
