[Openswan Users] RR to RR connection possible?
Paul Wouters
paul at xelerance.com
Fri Apr 1 11:10:43 CEST 2005
On Fri, 1 Apr 2005, Mike Diehl (Encrypted email preferred) wrote:
> It's been some time since I tried to use Openswan, so this may be an FAQ.
>
> Is it possible to setup connections between two hosts that EACH have dynamic
> IP addresses? At one time, it seemed like it was not. I'm guessing you'd
> have to use certs?
Since both are dynamic, you cannot use IP based authentication. So you
will need to specify left/rightid options. (eg: rightid=@roadwarrior1).
Using certificates is just one way of setting the left/rightid (it will use
the certificate's DN as id). Using raw RSA keys and specific id's should work
too.
You will need to put those IP's in some hostname DNS entry somewhere, or
manually edit the IP address in the config file to be able to find the
roadwarriors.
Paul
More information about the Users
mailing list