[strongSwan] Resolve domain for left/rightid?
Glen Huang
curvedmark at gmail.com
Wed Jun 24 08:40:26 CEST 2015
OK. Thanks a lot.
> On Jun 24, 2015, at 12:27 AM, Tobias Brunner <tobias at strongswan.org> wrote:
>
> Hi Glen,
>
>> The doc seems to indicate that before 5.0.0, rightid=example.com
>> will resolve the domain to an IP address. How to
>> get this behavior after 5.0.0.?
>
> 5.x won't resolve any hostnames in identities. If you want to use IPs
> just configure the IPs, if they are dynamic use something else as
> identities.
>
>> Also I guess the ID selector in ipsec.secrets is unrelated to
>> left/rightid?
>
> The ID selector is a list of identities, so those are matched against
> the values in left|rightid (or xauth|eap_identity). However, for IKEv1
> there is a lookup based on the IP addresses first and only when using
> Aggressive Mode will a responder be able to use identities to find secrets.
>
>> But is it possible to specify a domain in id selector but
>> actually use its resolve IP as the used value?
>
> No.
>
> Regards,
> Tobias
>
More information about the Users
mailing list