diff --git a/src/etc/inc/plugins.inc.d/ipsec.inc b/src/etc/inc/plugins.inc.d/ipsec.inc
index 114d0f794..1286d2292 100644
--- a/src/etc/inc/plugins.inc.d/ipsec.inc
+++ b/src/etc/inc/plugins.inc.d/ipsec.inc
@@ -559,6 +559,19 @@ function ipsec_get_number_of_phase2($ikeid)
     return $nbph2;
 }
 
+function ipsec_resolve($hostname)
+{
+    if (!is_ipaddr($hostname)) {
+        /* XXX IPv4-only */
+        $ip = gethostbyname($hostname);
+        if ($ip && $ip != $hostname) {
+            $hostname = $ip;
+        }
+    }
+
+    return $hostname;
+}
+
 function ipsec_find_id(&$ph1ent, $side = 'local')
 {
     $id_data = null;
@@ -578,8 +591,11 @@ function ipsec_find_id(&$ph1ent, $side = 'local')
         case "myaddress":
             $thisid_data = ipsec_get_phase1_src($ph1ent);
             break;
+        case "dyn_dns":
+            $thisid_data = ipsec_resolve($id_data);
+            break;
         case "peeraddress":
-            $thisid_data = $ph1ent['remote-gateway'];
+            $thisid_data = ipsec_resolve($ph1ent['remote-gateway']);
             break;
         default:
             $thisid_data = !empty($id_data) ? "{$id_data}" : null;