Hi Glen, > The doc seems to indicate that before 5.0.0, rightid=example.com > will resolve the domain to an IP address. How to > get this behavior after 5.0.0.?
5.x won't resolve any hostnames in identities. If you want to use IPs just configure the IPs, if they are dynamic use something else as identities. > Also I guess the ID selector in ipsec.secrets is unrelated to > left/rightid? The ID selector is a list of identities, so those are matched against the values in left|rightid (or xauth|eap_identity). However, for IKEv1 there is a lookup based on the IP addresses first and only when using Aggressive Mode will a responder be able to use identities to find secrets. > But is it possible to specify a domain in id selector but > actually use its resolve IP as the used value? No. Regards, Tobias _______________________________________________ Users mailing list [email protected] https://lists.strongswan.org/mailman/listinfo/users
