[Swan] net-to-net for road warriors
Alex
mysqlstudent at gmail.com
Wed Jan 23 16:04:21 UTC 2019
Hi,
> I've now tried to do it using RSA keys, but it has a problem with the
> "%any" statement:
I forgot to add the ipsec auto output that shows it has a problem with %any:
> config setup
>     protostack=netkey
>
> conn mysubnet
>     also=wyckofftun
>     rightsubnet=192.168.11.0/24
>     leftsubnet=192.168.1.0/24
>     auto=start
>
> conn wyckofftun
>     authby=rsasig
>     auto=start
>     ikev2=insist
>     fragmentation=yes
>
>     # dynamic side
>     rightid=@wyckoff-orion
>     right=%any
>     # rsakey AwEAAbhmG
>     rightrsasigkey=0sAwEAAbhmGOeY6...
>
>     # server side
>     leftid=@orion-wyckoff
>     left=%defaultroute
>     # rsakey AwEAAbrFz
>     leftrsasigkey=0sAwEAAbrFzHlMRChBGKU...
# ipsec auto --up wyckofftun
029 "wyckofftun": cannot initiate connection without knowing peer IP address (kind=CK_TEMPLATE)
036 failed to initiate wyckofftun