On Sat, Feb 22, 2020 at 10:06:49PM +0100, Tobias Heider wrote: > Try this This makes iked use the reverse record of the FQDN's IP (which IP?).
I have peers with both IPv4 and IPv6 addreses, one of those peers has an incorrect reverse record, thus iked will not end up using the FQDN I used as `peer ...' but rather the FQDN it gets after name resolution back and forth. For peers with proper DNS in both ways this diff yields the correct `dstid' without explicitly specifying it, but that is not the right approach; iked should simply copy over the value from `peer' to `dstid' as is.