[Swan] Dynamic Hosts
Paul Wouters
paul at nohats.ca
Fri Nov 27 16:34:11 UTC 2015
On Fri, 27 Nov 2015, John Crisp wrote:
> We are using 3.15 currently on CentOS6 and working on Libre-Libre
> connections.
>
> We have a nice simple working setup with PSK that works well with static
> IPs. The problems occur with a Dynamic 'Client/Host' I know this is not
> a favoured solution but.....
> First is matching identities. I have tried a variety of combinations of
> DPD actions/Timeouts etc and things like
>
> right=%any
> rightid=remote.dyndns.org
> rightid=@remote.dyndns.org

You should use the DNS name (or %any/%defaultroute) for the right/left and
the syntax with the @ for the ID (to prevent the ID from being resolved
as a hostname).

> It seems the ID from the Dynamic host does not match the secret but I

If you use rightid=@remote.dyndns.org and leftid=@local.dyndns.org then
use in ipsec.secrets:

    @remote.dyndns.org @local.dyndns.org : PSK "yoursecret"

Note that if your local IP changes, you must run:

    ipsec whack --listen
    ipsec auto --replace yourconn

(and ipsec auto --up yourconn if you want to start it right away)

Paul
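
An added example, not part of the original message and not Libreswan code: a small shell check that the leftid/rightid pair of a conn has a PSK line in ipsec.secrets, the mismatch discussed above. The helper names, the temporary file paths and the literal string comparison are assumptions of this sketch (pluto's own secret lookup is more involved); the conn name and IDs are the ones used in the thread.

```shell
#!/bin/sh
# Added example: does the conn's leftid/rightid pair have a PSK entry?
# Assumes literal ID comparison and one secrets entry per line ("ids : PSK ...").

conn_id() {  # usage: conn_id CONF CONN KEY -> prints KEY's value inside "conn CONN"
    awk -v conn="$2" -v key="$3" '
        /^conn[ \t]+/ { inside = ($2 == conn); next }
        inside && /^[ \t]+[A-Za-z]/ {
            line = $0
            sub(/^[ \t]+/, "", line)
            if (index(line, key "=") == 1) {
                print substr(line, length(key) + 2)
                exit
            }
        }' "$1"
}

psk_ids_match() {  # usage: psk_ids_match CONF SECRETS CONN -> 0 match, 1 none, 2 IDs unset
    lid=$(conn_id "$1" "$3" leftid)
    rid=$(conn_id "$1" "$3" rightid)
    if [ -z "$lid" ] || [ -z "$rid" ]; then return 2; fi
    awk -v l="$lid" -v r="$rid" '
        /^[ \t]*#/ { next }
        {
            has_l = 0; has_r = 0
            for (i = 1; i <= NF && $i != ":"; i++) {
                if ($i == l) has_l = 1
                if ($i == r) has_r = 1
            }
            if (has_l && has_r && $(i + 1) == "PSK") { found = 1; exit }
        }
        END { exit (found ? 0 : 1) }' "$2"
}

# Constructed sample files using the names from the thread.
demo=$(mktemp -d)
trap 'rm -rf "$demo"' EXIT
cat > "$demo/ipsec.conf" <<'EOF'
conn yourconn
    left=%defaultroute
    leftid=@local.dyndns.org
    right=remote.dyndns.org
    rightid=@remote.dyndns.org
    authby=secret
EOF
printf '%s\n' '@remote.dyndns.org @local.dyndns.org : PSK "yoursecret"' > "$demo/good.secrets"
printf '%s\n' 'remote.dyndns.org local.dyndns.org : PSK "yoursecret"' > "$demo/bad.secrets"
psk_ids_match "$demo/ipsec.conf" "$demo/good.secrets" yourconn && echo "good.secrets: match"
psk_ids_match "$demo/ipsec.conf" "$demo/bad.secrets" yourconn || echo "bad.secrets: no entry for the @ IDs"
```
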