Annotation of embedaddon/strongswan/testing/tests/ikev1/dynamic-two-peers/description.txt, revision 1.1
1.1 ! misho 1: The peers <b>carol</b>, <b>dave</b>, and <b>moon</b> all have dynamic IP addresses,
! 2: so that the remote end is defined symbolically by <b>right=%<hostname></b>.
! 3: The ipsec starter resolves the fully-qualified hostname into the current IP address
! 4: via a DNS lookup (simulated by an /etc/hosts entry). Since the peer IP addresses are
! 5: expected to change over time, the prefix '%' is used as an implicit alternative to the
! 6: explicit <b>rightallowany=yes</b> option which will allow an IKE
! 7: main mode rekeying to arrive from an arbitrary IP address under the condition that
! 8: the peer identity remains unchanged. When this happens the old tunnel is replaced
! 9: by an IPsec connection to the new origin.
! 10: <p>
! 11: In this scenario both <b>carol</b> and <b>dave</b> initiate a tunnel to
! 12: <b>moon</b> which has a named connection definition for each peer. Although
! 13: the IP addresses of both <b>carol</b> and <b>dave</b> are stale, thanks to
! 14: the '%' prefix <b>moon</b> will accept the IKE negotiations from the actual IP addresses.
! 15:
FreeBSD-CVSweb <freebsd-cvsweb@FreeBSD.org>
![[BACK]](/icons/cvsweb/back.gif){kind=icon}
Return to description.txt CVS log ![[TXT]](/icons/cvsweb/text.gif){kind=icon}
![[DIR]](/icons/cvsweb/dir.gif){kind=icon}
Up to [ELWIX - Embedded LightWeight unIX -] / embedaddon / strongswan / testing / tests / ikev1 / dynamic-two-peers