[Openswan Users] RE: DPD Site behind NAT

Paul Wouters paul at xelerance.com
Thu Aug 10 01:39:59 EDT 2006


On Thu, 10 Aug 2006, Shi Lang wrote:

> Now I change NATfirewall public IP mapping to the ServerA, after dyndns.com
> has updated, ServerB see ServerA domain name will also change.
> ################################
> So for case, ServerB dpdaction=clear, in order to remove the ServerA domain
> name old IP address (ipsec auto --status can see right is IP resolved from
> ServerA domain name)(remove the whole connection name from the ipsec auto
> --status).
> But my doubt is ServerB dpdaction=clear, then ServerA can not re-establish
> with ServerB already.
> I think ServerB dpdaction should = restart, because once dpd restart we can
> "ipsec auto --status' can see the new ServerA domain IP, and try to
> re-establish with Server A", So for Server A at this case no matter to set
> hold or clear or restart.
>
>
> Please guide me if I am wrong again :)

I am not entirely sure how DPD is actually running things, and if they are
literally the equivalent of the commands ipsec auto ....

With DPD, you might not be doing a DNS lookup for a changed dyndns host.

Paul

