Re: [Users] both ends dynamic and using dns names rather than ip

On Thu, 2003-10-09 at 13:25, Erich Titl wrote:
> Brian

Hi Erich,

> OK, I believe this is pretty standard.
>
> # connection between 2 FreeS/Wan boxes on dynamic adresses
> conn gatekeeper-wrap

Right. But this still has the problem that if the connection drops on one end or the other, the end that dropped the connection cannot always be the initiator of the tunnels because the other end was configured using the IP that the FQDN resolved to when it was started (i.e. prior to the other end having been given a new address).

To re-iterate previous messages in this discussion, ideally, pluto does not care what IP address a connection/session request comes from as long as it has an RSA key, and on the sending end, pluto resolves the FQDN specified in the config file every time it re-sends (i,e, previous attempts time out) connection/session setup requests.

[ realizing that this is probably not really fodder for the "users" list...] Are there any technical barriers (i.e. major design issues) to implementing this or is it just a case of something that just has not been done yet?

Do you need help?

In addition to our free technical library, Pantek provides professional IT services to companies who utilize Open Source software: Learn more about Pantek's Technical Support offerings Place an order for 24/7/365 Technical Support here Learn more about Pantek, who we are, and what we do Chat with a Live Operator Related lists.freeswan.org Links 1998-fall 1998-spring 1998-summer 1998-winter 1999-winter announce briefs bugs design freeswan-list hipsec ietf-sectest users users-admin Request more information about Pantek

b.

-- 
My other computer is your Microsoft Windows server.

Brian J. Murrell