On Wed, Jun 3, 2015 at 1:17 PM, Jonathan Bennett <[email protected]> wrote:
> Looking at nat-access, it seems that the internal destination must be an
> ip address. Is this correct?
>

Yes, that is correct. The only DNS resolution (outside of -R external IP lookups) done currently is by the client for the main SPA destination if it is a hostname instead of an IP.

> If so, it would be useful to support resolving a dns name instead of only
> allowing an ip. Use case being a local network that runs dhcp. Individual
> devices can be assigned different ip addresses, but if dns is set up
> correctly, it should always resolve to the correct machine.
>

Agreed this would be nice. There are a couple of ways this could be implemented. Probably the easiest would be to extend the server-side FORCE_NAT variables in the access.conf file to allow hostnames. This would mean that libfko would not need to be changed, but the downside would be that the client could not specify the desired hostname up front.

A more complete solution would be to extend libfko itself. This would allow the server to receive the hostname via an SPA packet, and then the server can do the resolution which is likely a requirement to make this feature really work to account for internal vs. external DNS mappings.

I think we can do both of the above starting with extending the FORCE_NAT stuff in one of the next releases. I'll add the libfko change as well, but probably for the 3.0 release which will also introduce some other libfko changes.

Thanks,

--Mike

> ~Jonathan Bennett
>
>
------------------------------------------------------------------------------
_______________________________________________
Fwknop-discuss mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/fwknop-discuss
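The server-side resolution discussed in the message above, sketched as an added example; this is not fwknop or libfko code and is not from either poster. The function name, the "<host-or-IP> <port>" value layout, and the policy of accepting only addresses inside a configured internal network are assumptions made for illustration.

```c
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200112L
#endif
#include <arpa/inet.h>
#include <netdb.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>

/* Hypothetical helper (not fwknop code): parse "<host-or-IP> <port>" as a
 * FORCE_NAT-style value, resolve the host on the server, and accept only an
 * IPv4 address inside the internal network net/prefix (assumed policy).
 * Returns 0 on success, -1 malformed value, -2 resolution failed,
 * -3 resolved but no address inside the internal network. */
int resolve_force_nat(const char *value, const char *net, int prefix,
                      char *ip_out, size_t ip_len, int *port_out)
{
    char host[256], extra;
    int port, rc = -3;
    struct in_addr netaddr;
    struct addrinfo hints, *res = NULL, *ai;

    if (sscanf(value, "%255s %d %c", host, &port, &extra) != 2 ||
        port < 1 || port > 65535)
        return -1;                    /* need exactly host and port */
    if (prefix < 1 || prefix > 32 || inet_pton(AF_INET, net, &netaddr) != 1)
        return -1;
    uint32_t mask = htonl(0xFFFFFFFFu << (32 - prefix));

    memset(&hints, 0, sizeof(hints));
    hints.ai_family = AF_INET;        /* NAT target is IPv4 in this sketch */
    hints.ai_socktype = SOCK_STREAM;  /* one result per address */
    if (getaddrinfo(host, NULL, &hints, &res) != 0)
        return -2;

    for (ai = res; ai != NULL; ai = ai->ai_next) {
        struct in_addr a = ((struct sockaddr_in *)ai->ai_addr)->sin_addr;
        if ((a.s_addr & mask) != (netaddr.s_addr & mask))
            continue;                 /* e.g. an external DNS view answered */
        if (inet_ntop(AF_INET, &a, ip_out, ip_len) != NULL) {
            *port_out = port;
            rc = 0;
        }
        break;
    }
    freeaddrinfo(res);
    return rc;
}
```

Resolving at the time the SPA packet is processed, rather than once at configuration load, is what lets the result follow DHCP lease changes; the network check keeps an unexpected DNS answer from redirecting the NAT rule outside the protected network.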
