[Swan] net-to-net for road warriors

Paul Wouters paul at nohats.ca
Fri Feb 1 14:33:46 UTC 2019

On Fri, 1 Feb 2019, Nick Howitt wrote:

> [root at ad-dc-server ~]# ipsec auto --replace nick-ikev2
> 002 "nick-ikev2": deleting non-instance connection
> 000 failed to convert '@howitts.co.uk' at load time: illegal (non-DNS-name) character in name
> 002 added connection description "nick-ikev2"

No "@" is needed for the left= / right= option. Use left=FQDN. Then
addconn will send both the DNS name and an IP address to pluto. Pluto
on rekeying will notice there was a DNS name supplied and do a fresh
lookup. This has been in libreswan for a long time, ever since removing
the DYNDNS compile time option.


More information about the Swan mailing list