[Swan] left=%defaultroute and right=my.dns.name does not work.

[Scott A. Wozny]

I ran into a very similar problem with this version and the fix was to change auto=start to auto=add and then start the connection from a script with 'ipsec auto --start my-conn' at the end of my boot process.

I ran into DIFFERENT problems after that, but that's a separate issue.  🙂

https://lists.libreswan.org/pipermail/swan/2018/002532.html

HTH,

Scott

________________________________
From: Swan <swan-bounces at lists.libreswan.org> on behalf of Bo Osmann Erichsen <boe at mentor-it.dk>
Sent: September 30, 2020 8:12 AM
To: swan at lists.libreswan.org <swan at lists.libreswan.org>
Subject: Re: [Swan] left=%defaultroute and right=my.dns.name does not work.


Hi guys
ipsec version:
Linux Libreswan 3.23 (netkey) on 4.15.0-64-generic

I get the following issue when i have the following configuration file:

conn FortigateIPSEC

     keyexchange=ike

     ike="aes256-sha256-modp2048"

     esp="aes256-sha256-modp2048"

     leftcert="<removed>"

     leftsendcert=always

     leftrsasigkey=%cert

     leftid=%fromcert

     left=%defaultroute

     leftnexthop=%defaultroute

     type=tunnel

     pfs=yes

     aggressive=yes

     ikev2=yes

     right=domain-name-of-my-firewall

     rightsubnet=x.x.x.x/x

     rightid=%fromcert

     rightrsasigkey=%cert

     auto = start

     salifetime = 43200



The issue is with:

left=%defaultroute
right=the-real-domain-name-of-my-firewall

Sep 30 10:07:19 gns3 pluto[24775]: "FortigateIPSEC": We cannot identify ourselves with either end of this conne
ction. 2xx.1xx.2xx.1xx or 0.0.0.0 are not usable
I obscured the ip address for privacy

It works if i replace the domain name with the ipv4 address. The domain name resolves correctly.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.libreswan.org/pipermail/swan/attachments/20200930/0561b4cb/attachment-0001.html>