[Swan] Is it possible to not be strict with rightid?
Paul Wouters
paul at nohats.ca
Thu Apr 26 21:01:10 UTC 2018
On Thu, 26 Apr 2018, Xinwei Hong wrote:
> Currently, 'rightid' is default to 'left'. However, a lot of time the remote peer software cannot send out correct rightid (e.g. internal private IP
> was used). When we were using racoon, racoon seems to be more tolerant and works OK when rightid mismatches. With pluto, we would have to specific
> rightid= whatever the other end sends. Is there a global switch that we can turn libreswan to have similar behavior as racoon, i.e. be more tolerant
> with rightid?
We already did that when specifying right=%any and authby=secret. We
know this really means a "group PSK" where ID of IP makes no sense.
But that code is post 3.23 so please try either a pre-release from
download.libreswan.org/development/ or wait a couple of days for 3.24 ?
Paul
More information about the Swan
mailing list