[Swan] net-to-net for road warriors

Paul Wouters paul at nohats.ca
Fri Jan 25 03:23:11 UTC 2019


On Thu, 24 Jan 2019, Nick Howitt wrote:

>>
>>  It changes things slightly. If you are on dynamic IP but your machine
>>  does have its DNS name updated when its IP address changes, then you
>>  can use right=@DNSNAME and left=@DNSNAME and when the connection fails
>>  (eg you enable DPD) then the DNS name will be looked up fresh. So in
>>  that case, both ends can have auto=start and you can run ipsec auto --up
>>  but you will not be using "%any" in that case.
> Hi Paul,
> This is good news to me (@DNSNAME), but where is this usage of left/right 
> documented? I don't see it in man ipsec.conf.

I've added a note to the "left" section of the man page. Thanks for
pointing out this information was missing.

> It mentions ipsec_ttoaddr(3) but I don't see any documentation on it.

I don't see a mention of ipsec_ttoaddr anymore? We have removed those in
the past because we no longer ship/maintain those pages.

Paul


More information about the Swan mailing list