[strongSwan] Resolve domain for left/rightid?

Tobias Brunner tobias at strongswan.org
Tue Jun 23 18:27:33 CEST 2015

Hi Glen,

> The doc seems to indicate that before 5.0.0, rightid=example.com
> will resolve the domain to an IP address. How to
> get this behavior after 5.0.0.?

5.x won't resolve any hostnames in identities.  If you want to use IPs
just configure the IPs, if they are dynamic use something else as

> Also I guess the ID selector in ipsec.secrets is unrelated to
> left/rightid?

The ID selector is a list of identities, so those are matched against
the values in left|rightid (or xauth|eap_identity).  However, for IKEv1
there is a lookup based on the IP addresses first and only when using
Aggressive Mode will a responder be able to use identities to find secrets.

> But is it possible to specify a domain in id selector but
> actually use its resolve IP as the used value?



More information about the Users mailing list