[Swan] IDs don't match on selected profile, so why is it being selected?
Matthew Johnson
matthew.f.j at gmail.com
Wed Sep 12 20:10:26 UTC 2018
Hi,
I'm running Linux Libreswan 3.15 (netkey) on 2.6.32-754.2.1.el6.x86_64
I have two connections on east.
conn test#0.0.0.0/0
    type=transport
    authby=null
    leftid=@mesh
    rightid=@mesh
    left=%defaultroute
    right=0.0.0.0
    negotiationshunt=hold
    failureshunt=drop
    ikev2=insist
    auto=add
    dpddelay=1
    dpdtimeout=3
    dpdaction=restart
    rekey=yes
    retransmit-timeout=5
    narrowing=yes

conn conman-pool-server
    type=tunnel
    authby=null
    leftid=@server
    rightid=@client
    left=%defaultroute
    leftsubnet=192.168.99.0/24
    leftsourceip=192.168.99.9
    right=10.1.190.120/29
    rightaddresspool=192.168.99.10-192.168.99.254
    negotiationshunt=hold
    failureshunt=drop
    ikev2=insist
    dpddelay=1
    dpdtimeout=3
    dpdaction=restart
    rekey=yes
    retransmit-timeout=5
    forceencaps=yes
    leftmodecfgserver=yes
    rightmodecfgclient=yes
    modecfgpull=yes
On west, I have the following connection:
conn conman-pool-client
    type=tunnel
    authby=null
    leftid=@client
    rightid=@server
    left=%defaultroute
    right=10.1.190.78
    rightsubnet=192.168.99.0/24
    negotiationshunt=hold
    failureshunt=drop
    ikev2=insist
    auto=route
    dpddelay=1
    dpdtimeout=3
    dpdaction=restart
    rekey=yes
    retransmit-timeout=5
    forceencaps=yes
    leftmodecfgclient=yes
    rightmodecfgserver=yes
    modecfgpull=yes
When the connection is initiated by west, it matches test#0.0.0.0/0 on
east, which is not what I would expect. I would have thought the mismatched
left/right IDs would have caused the system to find a better match -
conman-pool-server. Am I missing something here?
Best regards,
Matt