On Fri, 1 Feb 2019, Nick Howitt wrote:
[root@ad-dc-server ~]# ipsec auto --replace nick-ikev2 002 "nick-ikev2": deleting non-instance connection 000 failed to convert '@howitts.co.uk' at load time: illegal (non-DNS-name) character in name 002 added connection description "nick-ikev2"
No "@" is needed for the left= / right= option. Use left=FQDN. Then addconn will send both the DNS name and an IP address to pluto. Pluto on rekeying will notice there was a DNS name supplied and do a fresh lookup. This has been in libreswan for a long time, ever since removing the DYNDNS compile time option. Paul _______________________________________________ Swan mailing list [email protected] https://lists.libreswan.org/mailman/listinfo/swan
