[Swan] What's a "usable" IP?

Whit Blauvelt whit at transpect.com
Mon Sep 11 14:58:10 UTC 2017


Hi,

Just wanted to add that the IP that's not "usable" is found prior to that
judgment by pluto:

  Sep 11 09:54:20 nyfw1 pluto[9960]: adding interface enp2s0f1/enp2s0f1 <public IP>:500
  Sep 11 09:54:20 nyfw1 pluto[9960]: adding interface enp2s0f1/enp2s0f1 <public IP>:4500

Again looking between the older Openswan system which is similarly using a
public IP which is one of many on a WAN interface without complaint, and
this Libreswan system where pluto thinks it's not "usable," I see no
significant difference. In both cases, it's an IP from the middle of the
range on the interface. Googling, I find this error message goes back over a
decade. But I can't find an instance yet where there's a solution that
corresponds to my circumstance.

Pluto sees the interface; it sees the public IP on it; it's a good public
IP; it can even receive the IPsec initialization request from the AWS end
(which, unlike this one, is behind a NAT). So it looks very much like pluto
should accept the IP, not refuse to run with it based on unstated criteria.
At the very least, it should throw an error message which gives the reason
for its judgment.

"man pluto" gives no definition of a "usable" IP. Is there one somewhere? 

Thanks,
Whit

