[Swan] net-to-net for road warriors

Nick Howitt nick at howitts.co.uk
Wed Jan 23 18:24:34 UTC 2019


>> # ipsec auto --up wyckofftun
>> 029 "wyckofftun": cannot initiate connection without knowing peer IP
>
> You cannot use right=%any and left=%defaultroute, as then libreswan
> cannot determine whether it is supposed to be "right" or "left".
>
I've used it for years and mention it each time you make this statement.
> Regardless, if you initiate, you must know the remote endpoint's DNS
> name or IP address. If one endpoint is behind NAT, only that endpoint
> can initiate. Unless it is behind a NAT that does port forwarding, in
> which case your right= should be the hostname or IP address of the NAT
> device.
>
> Initiating a connection to "any" does not provide information where your
> remote endpoint actually is......
Missed that. On the server side "auto" should be set to "add"

Nick

