[Swan] net-to-net for road warriors
Nick Howitt
nick at howitts.co.uk
Wed Jan 23 16:10:01 UTC 2019
Try adding a line "interfaces=%defaultroute" to config setup.
On 23/01/2019 16:04, Alex wrote:
> Hi,
>
>
>> I've now tried to do it using RSA keys, but it has a problem with the
>> "%any" statement:
> I forgot to add the ipsec auto output that shows it has a problem with %any:
>
>> config setup
>>     protostack=netkey
>>
>> conn mysubnet
>>     also=wyckofftun
>>     rightsubnet=192.168.11.0/24
>>     leftsubnet=192.168.1.0/24
>>     auto=start
>>
>> conn wyckofftun
>>     authby=rsasig
>>     auto=start
>>     ikev2=insist
>>     fragmentation=yes
>>
>>     # dynamic side
>>     rightid=@wyckoff-orion
>>     right=%any
>>     # rsakey AwEAAbhmG
>>     rightrsasigkey=0sAwEAAbhmGOeY6...
>>
>>     # server side
>>     leftid=@orion-wyckoff
>>     left=%defaultroute
>>     # rsakey AwEAAbrFz
>>     leftrsasigkey=0sAwEAAbrFzHlMRChBGKU...
> # ipsec auto --up wyckofftun
> 029 "wyckofftun": cannot initiate connection without knowing peer IP address (kind=CK_TEMPLATE)
> 036 failed to initiate wyckofftun
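
Added example (not part of the original thread and not libreswan code): a small Python check that flags conns set to auto=start while left or right is %any, the template case that the 029 error above reports. The parser is a simplification of ipsec.conf syntax, the function names are hypothetical, and SAMPLE is constructed from the quoted config with keys and ids omitted.

```python
# Constructed sample modelled on the quoted config (RSA keys and ids omitted).
SAMPLE = """\
config setup
    protostack=netkey

conn mysubnet
    also=wyckofftun
    rightsubnet=192.168.11.0/24
    auto=start

conn wyckofftun
    auto=start
    right=%any
    left=%defaultroute
"""

def parse_conns(text):
    """Return {conn_name: {key: value}} for each 'conn' section."""
    conns, current = {}, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()  # drop comments
        if not line.strip():
            continue
        if not raw[0].isspace():  # an unindented line starts a new section
            parts = line.split()
            is_conn = len(parts) == 2 and parts[0] == "conn"
            current = conns.setdefault(parts[1], {}) if is_conn else None
        elif current is not None and "=" in line:
            key, value = line.strip().split("=", 1)
            current.setdefault(key.strip(), value.strip())
    return conns

def resolve(conns, name, seen=()):
    """Merge the section named by also=; the conn's own keys win (assumption)."""
    merged = dict(conns.get(name, {}))
    also = merged.pop("also", None)
    if also and also not in seen:  # 'seen' guards against also= loops
        for key, value in resolve(conns, also, seen + (name,)).items():
            merged.setdefault(key, value)
    return merged

def uninitiable(text):
    """Sorted names of conns with auto=start while left or right is %any."""
    conns = parse_conns(text)
    flagged = []
    for name in conns:
        c = resolve(conns, name)
        if c.get("auto") == "start" and "%any" in (c.get("left"), c.get("right")):
            flagged.append(name)
    return sorted(flagged)
```

On the constructed sample both conns are flagged, because mysubnet inherits right=%any through also=wyckofftun.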