[Swan] What's a "usable" IP?

Paul Wouters paul at nohats.ca
Mon Sep 11 15:01:26 UTC 2017


On Mon, 11 Sep 2017, Whit Blauvelt wrote:

> judgment by pluto:
>
>  Sep 11 09:54:20 nyfw1 pluto[9960]: adding interface enp2s0f1/enp2s0f1 <public IP>:500
>  Sep 11 09:54:20 nyfw1 pluto[9960]: adding interface enp2s0f1/enp2s0f1 <public IP>:4500
>
> Again looking between the older Openswan system which is similarly using a
> public IP which is one of many on a WAN interface without complaint, and
> this Libreswan system where pluto thinks it's not "usable," I see no
> significant difference. In both cases, it's an IP from the middle of the
> range on the interface. Googling I find this error message goes back over a
> decade. But I can't find an instance yet where there's a solution that
> corresponds to my circumstance.
>
> Pluto sees the interface; it sees the public IP on it; it's a good public
> IP; it can even receive the IPsec initialization request from the AWS end
> (which, unlike this one, is behind a NAT). So it looks very much like pluto
> should accept the IP, not refuse to run with it based on unstated criteria.
> At the very least, it should throw an error message which gives the reason
> for its judgment.
>
> "man pluto" gives no definition of a "usable" IP. Is there one somewhere?

If the IP was added after pluto was started, run "ipsec whack --listen"

Paul

