Currently I have made do with %any as rightid, but I will try it out when I do need a resolved IP there. Thanks for sharing it.

> On Jun 24, 2015, at 8:57 PM, David McCullough <[email protected]> wrote:
>
> Hi all,
>
> I have a patch (attached) that I have been meaning to post here
> for comment. This thread prompted me to send it on.
>
> It allows the left/rightid to use DNS names when combined with the
> ipv4:/ipv6: ID types to for the ID type.
>
> The patch could be more comprehensive but it solves the basic use
> case I needed.
>
> Any comments or suggestions welcome,
>
> Cheers,
> Davidm
>
> Glen Huang wrote the following:
>> OK. Thanks a lot.
>>
>>> On Jun 24, 2015, at 12:27 AM, Tobias Brunner <[email protected]> wrote:
>>>
>>> Hi Glen,
>>>
>>>> The doc seems to indicate that before 5.0.0, rightid=example.com
>>>> will resolve the domain to an IP address. How to
>>>> get this behavior after 5.0.0.?
>>>
>>> 5.x won't resolve any hostnames in identities. If you want to use IPs
>>> just configure the IPs, if they are dynamic use something else as
>>> identities.
>>>
>>>> Also I guess the ID selector in ipsec.secrets is unrelated to
>>>> left/rightid?
>>>
>>> The ID selector is a list of identities, so those are matched against
>>> the values in left|rightid (or xauth|eap_identity). However, for IKEv1
>>> there is a lookup based on the IP addresses first and only when using
>>> Aggressive Mode will a responder be able to use identities to find secrets.
>>>
>>>> But is it possible to specify a domain in id selector but
>>>> actually use its resolve IP as the used value?
>>>
>>> No.
>>>
>>> Regards,
>>> Tobias
>>>
>>
>> _______________________________________________
>> Users mailing list
>> [email protected]
>> https://lists.strongswan.org/mailman/listinfo/users
>
> --
> David McCullough, [email protected], Ph: 0410 560 763
> <strongswan-5.2.2-id-ipvX-dns.patch>
