[Swan] IDs don't match on selected profile, so why is it being selected?

Paul Wouters paul at nohats.ca
Wed Sep 12 20:23:57 UTC 2018


On Wed, 12 Sep 2018, Matthew Johnson wrote:

> I have two connections on east.
> 
> conn test#0.0.0.0/0
>         type=transport
>         authby=null
>         leftid=@mesh
>         rightid=@mesh

Both sides cannot have the same ID.

>         left=%defaultroute
>         right=0.0.0.0

0.0.0.0 is %any; I would write it as %any.

> When the connection is initiated by west, it matches test#0.0.0.0/0 on east, which is not what I
> would expect. I would have thought the mismatched left/right IDs would have caused the system to
> find a better match - conman-pool-server. Am I missing something here?

Are you sure? The initial IKE_INIT exchange of packets can match on any
connection where %any is in use. It will be refined on the second packet
exchange (IKE_AUTH) and it can then "switch" connection.

But regardless, the test connection is wrongly using the same ID for
both ends of the connection.

Paul
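As an added illustration (not part of the original thread), here is the test connection as quoted above next to a version with the two corrections Paul points out: a different ID on each end, and %any written explicitly instead of 0.0.0.0. The identities @east and @west are placeholders, not values from the thread; substitute whatever each peer actually presents.

```ini
# Before (as posted): both ends carry the same identity, so the peer's
# ID cannot help tell "left" from "right" during connection selection.
conn test#0.0.0.0/0
        type=transport
        authby=null
        leftid=@mesh
        rightid=@mesh
        left=%defaultroute
        right=0.0.0.0

# After: each end has its own ID (placeholder values), and the remote
# address is written as %any, which is what 0.0.0.0 means here.
conn test#0.0.0.0/0
        type=transport
        authby=null
        # placeholder identity for this host
        leftid=@east
        # placeholder identity for the peer
        rightid=@west
        left=%defaultroute
        right=%any
```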
