[Openswan Users] ipsec.secrets for a host with a dynamic IP
Nick Howitt
n1ck.h0w1tt at gmail.com
Thu Oct 22 14:01:30 EDT 2009
Hi,
I have a dynamic (almost static) IP address with a tunnel I initiate to
another router. Currently my ipsec.secrets reads:
myfqdn farfqdn : PSK "shared secret"
In the ipsec.conf I can use %defaultroute for left so if my IP changes
it always picks up the correct one. In ipsec.secrets I cannot see any
equivalent parameter so I use myfqdn instead. This means that if my IP
changes I have to wait for the change to ripple through the Dynamic DNS
system before I can reconnect the tunnel. An alternative would be to
write a script and make the script insert my IP into the ipsec.secrets
file. This is pretty inelegant. Is there any alternative or can
%defaultroute be made to work? I understand a script may still be needed
to monitor a change in my IP (or a tunnel drop) and reload ipsec
secrets, but that would be better than having to wait for the Dynamic
DNS system to catch up.
Thanks,
Nick
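
The script approach mentioned in the post, as an added example (not code from the original message or from Openswan): it rewrites only the local index of the peer's PSK line, validates the address first, and replaces the file atomically with mode 0600 so the secret is never exposed or left half-written. The function names, the `NEW_IP` variable and the hook wiring are assumptions.

```shell
#!/bin/sh
# Added example, not from the original post. Assumes the PSK line has the
# layout shown in the post: LOCAL PEER : PSK "secret", starting in column 1.

# valid_ipv4 ADDR: succeed only for a dotted quad with octets 0-255.
valid_ipv4() {
    printf '%s\n' "$1" | awk -F. '
        NF != 4 { exit 1 }
        { for (i = 1; i <= 4; i++) if ($i !~ /^[0-9]+$/ || $i > 255) exit 1 }'
}

# update_secrets FILE NEW_IP PEER
# Rewrites the local index on PEER's PSK line; the quoted secret and all
# other lines are copied through untouched.
# Returns 0 if the file was rewritten, 1 if nothing changed, 2 on error.
update_secrets() {
    file=$1; new_ip=$2; peer=$3
    valid_ipv4 "$new_ip" || { echo "rejecting address: $new_ip" >&2; return 2; }
    # mktemp creates the file mode 0600, so the PSK is never world-readable,
    # and placing it beside FILE keeps the final mv on one filesystem.
    tmp=$(mktemp "$file.XXXXXX") || return 2
    awk -v ip="$new_ip" -v peer="$peer" '
        $2 == peer && $3 == ":" && $4 == "PSK" { sub(/^[^ \t]+/, ip) }
        { print }' "$file" > "$tmp" || { rm -f "$tmp"; return 2; }
    if cmp -s "$file" "$tmp"; then
        rm -f "$tmp"; return 1
    fi
    chmod 600 "$tmp" && mv "$tmp" "$file" || { rm -f "$tmp"; return 2; }
}

# Hypothetical wiring from whatever notices the address change:
#   update_secrets /etc/ipsec.secrets "$NEW_IP" farfqdn && ipsec auto --rereadsecrets
```

Because the function returns 1 when the line already carries the current address, the reload only runs when the file actually changed.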