[Swan] net-to-net for road warriors

Nick Howitt nick at howitts.co.uk
Thu Jan 24 20:32:35 UTC 2019



On 24/01/2019 19:44, Paul Wouters wrote:
>
> It changes things slightly. If you are on dynamic IP but your machine
> does have its DNS name updated when its IP address changes, then you
> can use right=@DNSNAME and left=@DNSNAME and when the connection fails
> (eg you enable DPD) then the DNS name will be looked up fresh. So in
> that case, both ends can have auto=start and you can run ipsec auto --up
> but you will not be using "%any" in that case.
Hi Paul,
This is good news to me (@DNSNAME), but where is this usage of 
left/right documented? I don't see it in man ipsec.conf. It mentions 
ipsec_ttoaddr(3) but I don't see any documentation on it.
TIA,
Nick


More information about the Swan mailing list