[Openswan Users] ipsec.secrets for a host with a dynamic IP

Nick Howitt n1ck.h0w1tt at gmail.com
Thu Oct 22 14:01:30 EDT 2009


Hi,

I have a dynamic (almost static) IP address with a tunnel I initiate to 
another router. Currently my ipsec.secrets reads:

myfqdn farfqdn : PSK "shared secret"

In the ipsec.conf I can use %defaultroute for left so if my IP changes 
it always picks up the correct one. In ipsec.secrets I cannot see any 
equivalent parameter so I use myfqdn instead. This means that if my IP 
changes I have to wait for the change to ripple through the Dynamic DNS 
system before I can reconnect the tunnel. An alternative would be to 
write a script and make the script insert my IP into the ipsec.secrets 
file. This is pretty inelegant. Is there any alternative or can 
%defaultroute be made to work? I understand a script may still be needed 
to monitor a change in my IP (or a tunnel drop) and reload ipsec 
secrets, but that would be better than having to wait for the Dynamic 
DNS system to catch up.

Thanks,

Nick
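
The script approach mentioned in the message, as an added example that is not part of the original post: it renders ipsec.secrets from a template whenever the caller supplies a new local IP, and reloads secrets only if the file actually changed. The template path, the @LOCAL_IP@ placeholder and the function names are assumptions; the sample addresses are constructed.

```shell
#!/bin/sh
# Added example: regenerate ipsec.secrets from a template when the local IP changes.
# Hypothetical names: @LOCAL_IP@ placeholder, valid_ipv4, render_secrets, template path.

# Accept only a dotted-quad IPv4 address, so nothing else can ever be
# substituted into the secrets file.
valid_ipv4() {
    printf '%s\n' "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$' || return 1
    for octet in $(printf '%s\n' "$1" | tr . ' '); do
        [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# Write $out from $template with @LOCAL_IP@ replaced by $ip.
# Returns 0 if the file changed, 1 if it was already current, 2 on bad input.
render_secrets() {
    ip=$1 template=$2 out=$3
    valid_ipv4 "$ip" || return 2
    [ -r "$template" ] || return 2
    # Create the temp file next to the target, never world-readable (it holds the PSK).
    tmp=$(umask 077; mktemp "$out.XXXXXX") || return 2
    sed "s/@LOCAL_IP@/$ip/g" "$template" > "$tmp"
    if [ -f "$out" ] && cmp -s "$tmp" "$out"; then
        rm -f "$tmp"
        return 1
    fi
    chmod 600 "$tmp"
    mv -f "$tmp" "$out"    # rename is atomic within one filesystem
    return 0
}

# Runs only when called with three arguments, e.g. from a DHCP/PPP hook
# that already knows the new address:
#   update-secrets.sh 203.0.113.7 /etc/ipsec.secrets.tmpl /etc/ipsec.secrets
# The template would hold:  @LOCAL_IP@ farfqdn : PSK "shared secret"
if [ "$#" -eq 3 ]; then
    if render_secrets "$1" "$2" "$3"; then
        ipsec auto --rereadsecrets    # reload PSKs only when the file changed
    fi
fi
```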

