[Swan] left=%defaultroute and right=my.dns.name does not work.

Bo Osmann Erichsen boe at mentor-it.dk
Wed Sep 30 12:12:48 UTC 2020


Hi guys
ipsec version:
Linux Libreswan 3.23 (netkey) on 4.15.0-64-generic
I get the following issue when I have the following configuration file:
conn FortigateIPSEC
     keyexchange=ike
     ike="aes256-sha256-modp2048"
     esp="aes256-sha256-modp2048"
     leftcert="<removed>"
     leftsendcert=always
     leftrsasigkey=%cert
     leftid=%fromcert
     left=%defaultroute
     leftnexthop=%defaultroute
     type=tunnel
     pfs=yes
     aggressive=yes
     ikev2=yes
     right=domain-name-of-my-firewall
     rightsubnet=x.x.x.x/x
     rightid=%fromcert
     rightrsasigkey=%cert
     auto = start
     salifetime = 43200

The issue is with:
left=%defaultroute
right=the-real-domain-name-of-my-firewall
Sep 30 10:07:19 gns3 pluto[24775]: "FortigateIPSEC": We cannot identify ourselves with either end of this connection. 2xx.1xx.2xx.1xx or 0.0.0.0 are not usable
I obscured the IP address for privacy.
It works if I replace the domain name with the IPv4 address. The domain name resolves correctly.