[Swan] Hold state and Dynamic DNS

Paul Wouters paul at nohats.ca
Sun Oct 4 13:44:32 UTC 2015


On Wed, 16 Sep 2015, Tony Whyman wrote:

> On 16/09/15 10:39, Nick Howitt wrote:
>> I've no idea, but I thought "hold" was only for only fixed IP's.
>
> I supposed this is really what I am trying to understand/clarify. According 
> to the docs, "dpdaction=clear is really only useful on the server of a Road 
> Warrior config". This seems fine when the right, rightsubnet and rightid all 
> have wildcards, and SA initiation is asymmetric. However, the configuration 
> that I have is a static one between two servers, except that their IP 
> Addresses will occasionally change.

Then hold is right policy. On the next keying attempt, it will do a new
DNS lookup so it should find the new IP address eventually.

Paul


More information about the Swan mailing list