A FreeS/WAN question

Howard Lowndes lannet at lannet.com.au
Sat Jan 5 21:21:46 EST 2002


I am setting up FreeS/WAN IPSec tunnels between two sites that both have
dynamic IPs.

I can get both sites to do a dynamic DNS update (both forward and reverse)
to a DNS server with a static IP before I need the tunnels to come up.

At the left end, basically the listening end, I have no problems because I
use:
keyingretries=1
left=%defaultroute
leftrsasigkey=%dns
leftid=@left.domain.name.com
right=%any
rightrsasigkey=%dns
rightid=@right.domain.name.com
auto=add

At the right end, the sending end, I use what is essentially a Road
Warrior setting:
keyingretries=0
leftrsasigkey=%dns
leftid=@left.domain.name.com
right=%defaultroute
rightrsasigkey=%dns
rightid=@right.domain.name.com
auto=start

What I would like to put here is:
left=%dns

It makes sense to me that that should work, after all it uses the DNS to
get the KEY record so why not the A record, but it is not valid.

I was wondering if opportunistic keying might be the answer, but apart
from having difficulty understanding it, I am not sure if it is what I
want anyway.

Any ideas?

-- 
Howard.
LANNet Computing Associates - Your Linux people
Contact detail at http://www.lannetlinux.com
 "We are either doing something, or we are not.
 'Talking about' is a subset of 'not'."
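
Added example, not part of the original post or of FreeS/WAN: one way to get the effect of left=%dns on the sending end is to resolve the left peer's A record just before starting the tunnel and write it into the conn as a literal address. The conn name "site-to-site", the template path /etc/ipsec.conf.in, the use of dig, the helper names and the sample addresses are assumptions.

```shell
#!/bin/sh
# Added example, not from the original post. Assumed names: conn "site-to-site",
# /etc/ipsec.conf.in as the hand-edited template, dig(1) as the resolver.

# Accept only a dotted-quad IPv4 address, so a DNS answer can never smuggle
# extra ipsec.conf text (newlines, options) into the generated file.
is_ipv4() {
    case $1 in ''|*[!0-9.]*|.*|*.|*..*) return 1 ;; esac
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ ${#octet} -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# Copy ipsec.conf from stdin to stdout with left=<ip> set in "conn <name>"
# only: a stale left= line there is dropped and the new one is added under
# the conn header. leftid=, leftrsasigkey= and other sections are untouched.
set_left() {
    is_ipv4 "$2" || { echo "refusing non-IPv4 value for left=" >&2; return 1; }
    awk -v conn="$1" -v ip="$2" '
        /^[^ \t#]/ { in_conn = 0 }                 # any new section ends ours
        /^conn[ \t]/ { in_conn = ($2 == conn); print
                       if (in_conn) print "\tleft=" ip
                       next }
        in_conn && /^[ \t]+left=/ { next }
        { print }'
}

# Constructed sample: the right-end settings from the post in a conn section.
sample_conf() {
    printf 'conn site-to-site\n\tkeyingretries=0\n\tleft=192.0.2.1\n'
    printf '\tleftrsasigkey=%%dns\n\tleftid=@left.domain.name.com\n'
    printf '\tright=%%defaultroute\n\tauto=start\n'
    printf 'conn other\n\tleft=198.51.100.7\n'
}

# Resolve the peer, regenerate the config, then load and start the conn.
# Needs root and a running pluto, so it only runs when called with "up".
bring_up() {
    ip=$(dig +short A "$1" | head -n 1)
    set_left "$2" "$ip" < /etc/ipsec.conf.in > /etc/ipsec.conf.new || return 1
    mv /etc/ipsec.conf.new /etc/ipsec.conf
    ipsec auto --replace "$2" && ipsec auto --up "$2"
}

if [ "${1:-}" = "up" ]; then bring_up left.domain.name.com site-to-site; fi
```

Run as "script up" after the dynamic DNS update has completed; when the left end's address changes, the same call refreshes the conn.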