[Openswan Users] FQDN in ipsec.conf

naveen kumar naveen_mamindla at yahoo.co.in
Tue Aug 9 12:26:39 CEST 2005


Hi Paul,

Thanks for your reply. When I initiated the connection
from the right it was working fine, and also some
changes to my ipsec.conf file and ipsec.secrets file
are given below.

Static side (left side)
-----------------------
ipsec.conf
----------
conn static-dynamic
    type=tunnel
    left=XXX.XXX.XXX.XXX
    right=%any
    rightid=@www.naveen2.com
    auth=esp
    authby=secret
    pfs=yes
    keyexchange=ike
    auto=add

ipsec.secrets
-------------
XXX.XXX.XXX.XXX @www.naveen2.com : PSK "presharedkey"

Dynamic side ( right side)
--------------------------
ipsec.conf
----------
conn dynamic-static
    type=tunnel
    left=%defaultroute
    leftid=@www.naveen2.com
    right=XXX.XXX.XXX.XXX
    auth=esp
    authby=secret
    pfs=yes
    keyexchange=ike
    auto=add

ipsec.secrets
-------------
@www.naveen2.com XXX.XXX.XXX.XXX : PSK "presharedkey"

           << End of configuration>>
 << with this configuration everything is working >>
------------------------------------------------------

Now I have one more doubt. If the dynamic IP address
(right side) changes, even then IPsec traffic is going
from the ipsec0 virtual interface. If I see "ipsec auto
--status", ipsec0 is still bound to the old
IP address only. Is there anything to do so that
whenever the IP address changes on the dynamic side,
IKE is renegotiated or IPsec is restarted and the same
connection is established once again?

Thanks 
Naveen.

--- Paul Wouters <paul at xelerance.com> wrote:

> On Tue, 9 Aug 2005, naveen kumar wrote:
> 
> > I have configured the ipsec.conf as below
> >
> > conn static-dynamic
> >    type=tunnel
> >    left=xxx.xxx.xxx.xxx
> >    leftid=@www.naveen1.com
> >    right=%any
> >    rightid=@www.naveen2.com
> >    auth=esp
> >    authby=secret
> >    pfs=yes
> >    keyexchange=ike
> >    auto=add
> >
> > ipsec.secrets
> > -------------
> > @www.naveen1.com @www.naveen2.com : PSK "presharedkey"
> >
> > when I do up the connection the following error is
> > coming.
> >
> > 029 "static-dynamic": cannot initiate connection
> > without knowing peer IP address
> 
> left cannot connect to right since the location of
> right is unknown (any). You
> must initiate from right to left.
> 
> Paul
> 
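
An added example, not part of the original message or of Openswan: a small Python check that reads the two configurations above and reports, for each host, whether it can initiate (the "029 ... without knowing peer IP address" case) and whether a PSK line covers the connection's two IDs. The address 192.0.2.1 is a constructed stand-in for the masked XXX.XXX.XXX.XXX, the function names are hypothetical, and the secrets lookup is a simplified model of the index rules in ipsec.secrets(5).

```python
import re

# Constructed samples: the thread's two configs, 192.0.2.1 replacing the masked address.
STATIC_CONF = """conn static-dynamic
    left=192.0.2.1
    right=%any
    rightid=@www.naveen2.com
    authby=secret
"""
STATIC_SECRETS = '192.0.2.1 @www.naveen2.com : PSK "presharedkey"'
DYNAMIC_CONF = """conn dynamic-static
    left=%defaultroute
    leftid=@www.naveen2.com
    right=192.0.2.1
    authby=secret
"""
DYNAMIC_SECRETS = '@www.naveen2.com 192.0.2.1 : PSK "presharedkey"'

def parse_conns(text):
    """Parse 'conn NAME' sections of an ipsec.conf into {name: {key: value}}."""
    conns, cur = {}, None
    for line in text.splitlines():
        line = line.split("#", 1)[0].rstrip()
        m = re.match(r"conn\s+(\S+)", line)
        if m:
            cur = conns.setdefault(m.group(1), {})
        elif cur is not None and line[:1].isspace() and "=" in line:
            k, v = line.strip().split("=", 1)
            cur[k.strip()] = v.strip()
    return conns

def parse_psk_ids(text):
    """Return the list of ID indices in front of each PSK entry."""
    found = (re.match(r"\s*([^:#]*):\s*PSK\s", l) for l in text.splitlines())
    return [m.group(1).split() for m in found if m]

def check(conn, psk_ids, local):
    """local is 'left' or 'right': the end this host plays in the conn."""
    peer = "right" if local == "left" else "left"
    # An end's ID defaults to its address when leftid/rightid is not set.
    ids = [conn.get(e + "id", conn.get(e)) for e in (local, peer)]
    return {
        # Pluto cannot initiate toward a peer declared as %any (error 029).
        "can_initiate": conn.get(peer) != "%any",
        # No index matches any pair; one index must be the local ID;
        # several indices must cover both IDs. %any wildcards are not modelled.
        "psk_found": any(not s or s == [ids[0]] or all(i in s for i in ids)
                         for s in psk_ids),
    }
```

Run against the first attempt quoted below the reply (leftid dropped, secrets still keyed on @www.naveen1.com), the same check reports no matching PSK entry, which is why the secrets line had to change together with the conn.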



	

	
		