[Openswan Users] Question on DPD
Paul Wouters
paul at xelerance.com
Tue Nov 22 12:11:09 EST 2011
On Tue, 22 Nov 2011, Nick Howitt wrote:
> I have a conn with the far end on a (not very) dynamic IP which I know
> is not ideal. I would like to initiate the conn from my end so I have
> "right=far.end.fqdn" which is fine and works until the far IP changes.
> If the far IP changes I don't think using dpdaction=restart will
> re-evaluate the fqdn. Is this correct? If that is the case do I need a
> watching script to detect when a change of IP happens? ipsec.secrets is
> fine as I use @rightid.
In modern versions with the USE_DYNAMICDNS enabled (the default) it should
do that. Are you sure the configured DNS server is not behind the tunnel
that just died?
Paul
More information about the Users
mailing list