[Swan] What's a "usable" IP?
Whit Blauvelt
whit at transpect.com
Thu Sep 21 13:18:24 UTC 2017
On Sun, Sep 17, 2017 at 11:16:26PM -0400, Paul Wouters wrote:

Your suggestion:

> conn amazonwest
> left=%defaultroute
> leftsunet=DD.EE.FF.245/32
> leftsourceip=DD.EE.FF.245
> leftid="DD.EE.FF.245"
> right=AA.BB.CC.108
> rightid="AA.BB.CC.108"
> auto=start

cannot load config '/etc/ipsec.conf': /etc/ipsec.conf:11: syntax error,
unexpected STRING [leftsunet]

If I take that line out I get back to:

Sep 21 09:10:13 nyfw1 pluto[32739]: "amazonwest": We cannot identify
ourselves with either end of this connection. AA.BB.CC.108 or
AA.BB.CC.102 are not usable

ip addr ls:

5: enp2s0f1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
    link/ether a0:36:9f:a6:f8:51 brd ff:ff:ff:ff:ff:ff
    inet AA.BB.CC.102/27 brd AA.BB.CC.127 scope global enp2s0f1
       valid_lft forever preferred_lft forever
    inet AA.BB.CC.108/32 scope global enp2s0f1
       valid_lft forever preferred_lft forever

We're really back to: What is the logic that declares public IPs which are
on the local system and perfectly functional "not usable"? I'm suspecting
that libreswan is doing some sort of simple-minded analysis of routing
tables; this system, having multiple interfaces, has multiple tables. Yet
those are correct, and routing for this interface is in all respects
working. Also, I've long had openswan running on systems similarly
configured, without this problem.

Best,
Whit