[Swan] Fw: Libreswan 3.27 left=%eth1 is not resolving local IP

Paul Wouters paul at nohats.ca
Tue Apr 14 03:08:10 UTC 2020

On Tue, 3 Mar 2020, Rene Neumann wrote:

> Subject: Re: [Swan] Fw: Libreswan 3.27 left=%eth1 is not resolving local IP
> Hello Paul,
> A colleague of mine went through the setup again and the last working version was 3.20,
> Attached are the log files and an example of the test.conf which we are currently using for the tests. As we did
> some other changes on our site as well, will I try to rule out any of that.
> One question I have is what is libreswan using to identify the IP's, when I do a normal IPsec status the
> interfaces have the correct IP's.

Note that git master should be working with this now.

Antony found the issue and fixed it. Included the diff below for you.


diff --git a/lib/libipsecconf/confread.c b/lib/libipsecconf/confread.c
index 04cfb5dd18..0dd410959a 100644
--- a/lib/libipsecconf/confread.c
+++ b/lib/libipsecconf/confread.c
@@ -480,7 +480,7 @@ static bool validate_end(struct starter_conn *conn_st,

                 if (end->strings[KSCF_IP][0] == '%') {
-                       end->iface = clone_str(end->strings[KSCF_IP], "KH_IPADDR end->iface");
+                       end->iface = clone_str(end->strings[KSCF_IP] + 1, "KH_IPADDR end->iface");
                         if (!starter_iface_find(end->iface, hostfam,


More information about the Swan mailing list