[Openswan Users] Managing site to site VPNs where either end may have enforced NAT applied to it
Paul Wouters
paul at xelerance.com
Wed Jun 17 00:02:31 EDT 2009
On Wed, 17 Jun 2009, Anthony wrote:
> Has anyone done this kind of setup where sites may switch back and
> forth between playing initiator and responder (I suspect it's likely
> I'll need to override some of the "smarts" of the appliance, but I do
> have SSH CLI access to it).
Per default, openswan can switch without problem between being initiator
and responder. however, it requires either a static ip or a "static" dns
name to connect to. It sounds like you wont have a static up, so you
will need ensure your openswan is compiled with USE_DYNAMICDNS, so that
on initiating, it will do a new lookup on the dns name, which you can
then update (eg dyndns and friends)
Paul
More information about the Users
mailing list