[Swan] Hold state and Dynamic DNS
Paul Wouters
paul at nohats.ca
Sun Oct 4 13:44:32 UTC 2015
On Wed, 16 Sep 2015, Tony Whyman wrote:
> On 16/09/15 10:39, Nick Howitt wrote:
>> I've no idea, but I thought "hold" was only for only fixed IP's.
>
> I supposed this is really what I am trying to understand/clarify. According
> to the docs, "dpdaction=clear is really only useful on the server of a Road
> Warrior config". This seems fine when the right, rightsubnet and rightid all
> have wildcards, and SA initiation is asymmetric. However, the configuration
> that I have is a static one between two servers, except that their IP
> Addresses will occasionally change.
Then hold is right policy. On the next keying attempt, it will do a new
DNS lookup so it should find the new IP address eventually.
Paul
More information about the Swan
mailing list