On 2011-01-01, Matt Evans <m...@mattevans.org> wrote: > I've never seen an example where hostnames are used in place of static > IP addresses in configuration files. Is it the case that anywhere I see > an ip address (filenames, conf file values, etc), I could just as easily > put in foo.dyndns.org?
In many cases this works, though in some cases there are hidden problems (e.g. it is often not advisable to do this in pf.conf). With most configuration files in OpenBSD (including, particularly relevant here, ipsec.conf) the name is resolved _when the configuration file is read_ so you will need some way to monitor for address changes and reload the configuration. You might find that OpenVPN is better for this usage case as it has specific support for dynamic endpoints (i.e. it re-resolves the name when keepalives fail).
