[Swan] Is it possible to not be strict with rightid?

Xinwei Hong xhong at skytap.com
Thu Apr 26 22:28:21 UTC 2018


Thank you Paul.
So, it seems it cannot be more tolerant if right != %any. Right?
In our case, we do provide both left and right with specific IPs.

Thanks,
Xinwei


On Thu, Apr 26, 2018 at 2:01 PM, Paul Wouters <paul at nohats.ca> wrote:

> On Thu, 26 Apr 2018, Xinwei Hong wrote:
>
>> Currently, 'rightid' defaults to 'left'. However, a lot of the time the
>> remote peer software cannot send out the correct rightid (e.g. an internal
>> private IP was used). When we were using racoon, racoon seems to be more
>> tolerant and works OK when rightid mismatches. With pluto, we would have to
>> specify rightid= whatever the other end sends. Is there a global switch that
>> we can use to make libreswan behave like racoon, i.e. be more tolerant
>> with rightid?
>>
>
> We already did that when specifying right=%any and authby=secret. We
> know this really means a "group PSK" where ID of IP makes no sense.
>
> But that code is post 3.23 so please try either a pre-release from
> download.libreswan.org/development/ or wait a couple of days for 3.24?
>
> Paul
>