OK. Thanks a lot. > On Jun 24, 2015, at 12:27 AM, Tobias Brunner <[email protected]> wrote: > > Hi Glen, > >> The doc seems to indicate that before 5.0.0, rightid=example.com >> will resolve the domain to an IP address. How to >> get this behavior after 5.0.0.? > > 5.x won't resolve any hostnames in identities. If you want to use IPs > just configure the IPs, if they are dynamic use something else as > identities. > >> Also I guess the ID selector in ipsec.secrets is unrelated to >> left/rightid? > > The ID selector is a list of identities, so those are matched against > the values in left|rightid (or xauth|eap_identity). However, for IKEv1 > there is a lookup based on the IP addresses first and only when using > Aggressive Mode will a responder be able to use identities to find secrets. > >> But is it possible to specify a domain in id selector but >> actually use its resolve IP as the used value? > > No. > > Regards, > Tobias >
_______________________________________________ Users mailing list [email protected] https://lists.strongswan.org/mailman/listinfo/users
