Andreas Stallmann wrote:
> Hi Marco,
> thanks for your help so far. Some additional questions:
>
> Marco Berizzi wrote:
>> --tunnel-dst 172.16.1.247 --tunnel-src 172.16.1.226 \
>>              ^^^^^^^^^^^^              ^^^^^^^^^^^^
>> These are the IPsec endpoint addresses (usually public IP addresses)
>
> Can I leave those out?

I think yes. I also think you may specify 0.0.0.0 for all IPs.

> My endpoints both have dynamic addresses, because one is a roadwarrior,
> and the other a firewall, which is connected to the internet via ADSL and
> receives a new address every 24h.

If you are using swan as the IKE daemon, you may insert
these rules dynamically with the left(right)updown script.
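
The updown approach from the reply above, as an added example that is not part of the original thread: a hook that builds the policy-match rule from the addresses the IKE daemon passes in, so dynamic endpoints never need to be hard-coded. It assumes the Openswan/strongSwan `PLUTO_*` environment variables; the `FORWARD` chain, `--dir in`, the `ACCEPT` target and the `APPLY` switch are assumptions chosen for illustration.

```shell
#!/bin/sh
# Added example, not from the thread. Assumes an updown hook environment
# with PLUTO_VERB, PLUTO_ME, PLUTO_PEER, PLUTO_MY_CLIENT, PLUTO_PEER_CLIENT.
# FORWARD, --dir in and ACCEPT are assumptions; adapt to the local ruleset.

# Loose check: only digits, dots and an optional /prefix, in dotted form,
# so nothing unexpected from the environment reaches the iptables call.
is_ipv4() {
    case "$1" in
        ''|*[!0-9./]*) return 1 ;;
        *.*.*.*) return 0 ;;
        *) return 1 ;;
    esac
}

# Print the iptables arguments for the current event, or nothing when the
# verb is not a tunnel up/down event. Returns 1 on malformed addresses.
policy_rule_args() {
    case "${PLUTO_VERB:-}" in
        up-client)   op=-I ;;
        down-client) op=-D ;;
        *) return 0 ;;
    esac
    for a in "$PLUTO_ME" "$PLUTO_PEER" "$PLUTO_MY_CLIENT" "$PLUTO_PEER_CLIENT"; do
        is_ipv4 "$a" || return 1
    done
    # Inbound: the peer is the tunnel source, this host is the destination.
    printf '%s %s %s\n' \
        "$op FORWARD -s $PLUTO_PEER_CLIENT -d $PLUTO_MY_CLIENT" \
        "-m policy --dir in --pol ipsec --mode tunnel" \
        "--tunnel-src $PLUTO_PEER --tunnel-dst $PLUTO_ME -j ACCEPT"
}

# Apply only when explicitly asked (APPLY=1, hypothetical switch);
# otherwise just show the rule that would be inserted or deleted.
if args=$(policy_rule_args) && [ -n "$args" ]; then
    if [ "${APPLY:-0}" = 1 ]; then
        # Word splitting is intentional: args were validated above.
        iptables $args
    else
        echo "iptables $args"
    fi
fi
```

The same rule is deleted on `down-client`, so a roadwarrior that reconnects from a new address does not leave stale accept rules behind.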