[Swan] Wildcarding rightid

Messa, Michael - 0664 - MITLL mmessa at ll.mit.edu
Tue Apr 2 23:58:59 UTC 2019


Thanks in advance for your support.

I am attempting to configure a client to connect with a server in tunnel mode where the client does not know the ID of the server prior to initiating the key exchange, and the authentication uses a pre-shared key (PSK). The server is required to identify itself for authentication using a fixed, verbatim identification string. The client's sole existence is to connect to only this one server. The inner and outer IPs of both ends of the tunnel are known ahead of time. The client always initiates the connection.

Using strongSwan I've been able to configure a client with a "rightid=%any", which effectively allows me to wildcard the IDr in the IKE. Does Libreswan offer such a flexibility? If so, what is the appropriate configuration? I've tried "rightid=%any" despite no documentation saying it was supported. The result was that rightid defaulted to right (as described in the documentation) and the IKE fails with an error like:

> 003 "XXX_tunnel" #582: we require IKEv2 peer to have ID 'XXXX.XXXX.XXXX.XXXX', but peer declares '@#0x0000XXXXXXXX'

Thanks again for your time.
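As an added illustration (not code from the original post or from the Libreswan project), the snippet below parses the ID-mismatch message quoted above so an operator can see, for each failed connection, which peer ID the local side expected and what kind of ID the peer actually presented. The second sample line is constructed, and the classification of `@#`, `@` and dotted-quad IDs follows the usual *swan ID notation; both are assumptions.

```python
import re
from typing import Optional

# Constructed sample log, shaped like the Libreswan message quoted in the post.
SAMPLE_LOG = """\
003 "XXX_tunnel" #582: we require IKEv2 peer to have ID 'XXXX.XXXX.XXXX.XXXX', but peer declares '@#0x0000XXXXXXXX'
003 "other_tunnel" #17: we require IKEv2 peer to have ID '@vpn.example.test', but peer declares '192.0.2.10'
003 "XXX_tunnel" #583: STATE_PARENT_I2: sent v2I2, expected v2R2
"""

# Matches the ID-mismatch line: connection name, state number, expected and declared IDs.
MISMATCH_RE = re.compile(
    r'^\d{3} "(?P<conn>[^"]+)" #(?P<state>\d+): '
    r"we require IKEv2 peer to have ID '(?P<expected>[^']*)', "
    r"but peer declares '(?P<declared>[^']*)'$"
)
IPV4_RE = re.compile(r"^\d{1,3}(\.\d{1,3}){3}$")


def id_kind(value: str) -> str:
    """Classify an IKE ID by its textual notation (assumed *swan conventions)."""
    if value.startswith("@#"):
        return "keyid"      # ID_KEY_ID, hex bytes
    if value.startswith("@"):
        return "fqdn"       # ID_FQDN
    if "@" in value:
        return "user_fqdn"  # ID_USER_FQDN (email-style)
    if IPV4_RE.match(value):
        return "ipv4"       # ID_IPV4_ADDR
    return "unknown"


def parse_id_mismatch(line: str) -> Optional[dict]:
    """Return the fields of one ID-mismatch line, or None for any other line."""
    m = MISMATCH_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    rec["state"] = int(rec["state"])
    rec["expected_kind"] = id_kind(rec["expected"])
    rec["declared_kind"] = id_kind(rec["declared"])
    return rec


def find_id_mismatches(log: str) -> list:
    """Collect every ID-mismatch record from a block of log text."""
    return [r for r in (parse_id_mismatch(l) for l in log.splitlines()) if r]
```

A mismatch where the declared kind differs from the expected kind (here a key ID against an address-style ID) points at the peer's ID configuration rather than at the PSK itself.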
