[Swan] left=%defaultroute and right=my.dns.name does not work.
Bo Osmann Erichsen
boe at mentor-it.dk
Wed Sep 30 12:12:48 UTC 2020
Hi guys
ipsec version:
Linux Libreswan 3.23 (netkey) on 4.15.0-64-generic
I get the following issue when i have the following configuration file:
conn FortigateIPSEC
keyexchange=ike
ike="aes256-sha256-modp2048"
esp="aes256-sha256-modp2048"
leftcert="<removed>"
leftsendcert=always
leftrsasigkey=%cert
leftid=%fromcert
left=%defaultroute
leftnexthop=%defaultroute
type=tunnel
pfs=yes
aggressive=yes
ikev2=yes
right=domain-name-of-my-firewall
rightsubnet=x.x.x.x/x
rightid=%fromcert
rightrsasigkey=%cert
auto = start
salifetime = 43200
The issue is with:
left=%defaultroute
right=the-real-domain-name-of-my-firewall
Sep 30 10:07:19 gns3 pluto[24775]: "FortigateIPSEC": We cannot identify ourselves with either end of this conne
ction. 2xx.1xx.2xx.1xx or 0.0.0.0 are not usable
I obscured the ip address for privacy
It works if i replace the domain name with the ipv4 address. The domain name resolves correctly.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.libreswan.org/pipermail/swan/attachments/20200930/01980543/attachment.html>
More information about the Swan
mailing list