[strongSwan] Resolve domain for left/rightid?

Glen Huang curvedmark at gmail.com
Wed Jun 24 19:10:10 CEST 2015


Currently I have made do with %any as rightid, but I will try it out when I do need a resolved IP there. Thanks for sharing it.

> On Jun 24, 2015, at 8:57 PM, David McCullough <ucdevel at gmail.com> wrote:
> 
> 
> Hi all,
> 
> I have a patch (attached) that I have been meaning to post here
> for comment.  This thread prompted me to send it on.
> 
> It allows the left/rightid to use DNS names when combined with the
> ipv4:/ipv6: ID types for the ID type.
> 
> The patch could be more comprehensive but it solves the basic use
> case I needed.
> 
> Any comments or suggestions welcome,
> 
> Cheers,
> Davidm
> 
> 
> 
> 
> Glen Huang wrote the following:
>> OK. Thanks a lot.
>> 
>>> On Jun 24, 2015, at 12:27 AM, Tobias Brunner <tobias at strongswan.org> wrote:
>>> 
>>> Hi Glen,
>>> 
>>>> The doc seems to indicate that before 5.0.0, rightid=example.com
>>>> will resolve the domain to an IP address. How to
>>>> get this behavior after 5.0.0?
>>> 
>>> 5.x won't resolve any hostnames in identities.  If you want to use IPs
>>> just configure the IPs, if they are dynamic use something else as
>>> identities.
>>> 
>>>> Also I guess the ID selector in ipsec.secrets is unrelated to
>>>> left/rightid?
>>> 
>>> The ID selector is a list of identities, so those are matched against
>>> the values in left|rightid (or xauth|eap_identity).  However, for IKEv1
>>> there is a lookup based on the IP addresses first and only when using
>>> Aggressive Mode will a responder be able to use identities to find secrets.
>>> 
>>>> But is it possible to specify a domain in id selector but
>>>> actually use its resolve IP as the used value?
>>> 
>>> No.
>>> 
>>> Regards,
>>> Tobias
>>> 
>> 
>> _______________________________________________
>> Users mailing list
>> Users at lists.strongswan.org
>> https://lists.strongswan.org/mailman/listinfo/users
> 
> -- 
> David McCullough,  ucdevel at gmail.com,   Ph: 0410 560 763
> <strongswan-5.2.2-id-ipvX-dns.patch>
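
As an added illustration of the behaviour Tobias describes (this is not from the thread or from David's patch): on 5.x the identity must be the literal address, optionally with the ipv4:/ipv6: type prefix, and the selectors in ipsec.secrets are then matched against those same leftid/rightid values. The addresses, connection name and secret below are constructed placeholders.

```conf
# /etc/ipsec.conf (constructed example; 192.0.2.10 and 198.51.100.20 are
# documentation addresses, not real hosts)
conn site-to-site
    # With IKEv1 Main Mode the responder looks up the PSK by the peer's IP
    # first, so the address selector in ipsec.secrets is what matters there.
    keyexchange=ikev2
    left=192.0.2.10
    leftid=ipv4:192.0.2.10
    right=198.51.100.20
    # 5.x does not resolve a hostname written here; either put the resolved
    # IP in explicitly, or use %any when the peer's address is dynamic and
    # pick a different identity type (e.g. fqdn:) for matching.
    rightid=ipv4:198.51.100.20
    leftauth=psk
    rightauth=psk
    auto=add

# /etc/ipsec.secrets (constructed example)
# The selector list before the colon is matched against leftid/rightid above.
192.0.2.10 198.51.100.20 : PSK "REPLACE-WITH-A-STRONG-SECRET"
```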
