[Swan] left=%defaultroute and right=my.dns.name does not work.

Scott A. Wozny sawozny at hotmail.com
Wed Sep 30 18:33:22 UTC 2020


I ran into a very similar problem with this version and the fix was to change auto=start to auto=add and then start the connection from a script with 'ipsec auto --start my-conn' at the end of my boot process.

I ran into DIFFERENT problems after that, but that's a separate issue.  🙂

https://lists.libreswan.org/pipermail/swan/2018/002532.html

HTH,

Scott

________________________________
From: Swan <swan-bounces at lists.libreswan.org> on behalf of Bo Osmann Erichsen <boe at mentor-it.dk>
Sent: September 30, 2020 8:12 AM
To: swan at lists.libreswan.org <swan at lists.libreswan.org>
Subject: Re: [Swan] left=%defaultroute and right=my.dns.name does not work.


Hi guys
ipsec version:
Linux Libreswan 3.23 (netkey) on 4.15.0-64-generic

I get the following issue when I have the following configuration file:

conn FortigateIPSEC
     keyexchange=ike
     ike="aes256-sha256-modp2048"
     esp="aes256-sha256-modp2048"
     leftcert="<removed>"
     leftsendcert=always
     leftrsasigkey=%cert
     leftid=%fromcert
     left=%defaultroute
     leftnexthop=%defaultroute
     type=tunnel
     pfs=yes
     aggressive=yes
     ikev2=yes
     right=domain-name-of-my-firewall
     rightsubnet=x.x.x.x/x
     rightid=%fromcert
     rightrsasigkey=%cert
     auto = start
     salifetime = 43200



The issue is with:

left=%defaultroute
right=the-real-domain-name-of-my-firewall

Sep 30 10:07:19 gns3 pluto[24775]: "FortigateIPSEC": We cannot identify ourselves with either end of this connection. 2xx.1xx.2xx.1xx or 0.0.0.0 are not usable
I obscured the IP address for privacy.

It works if I replace the domain name with the IPv4 address. The domain name resolves correctly.
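
A sketch of the end-of-boot script described in the reply above, as an added example that is not code from either poster or from the Libreswan project. It reads the conn's `auto` and `right=` values (tolerating the `auto = start` spacing used above) and runs `ipsec auto --start` only after a default route exists and the peer name resolves. Those two readiness checks, the retry counts and the function names are assumptions; the thread does not state why starting later helps.

```shell
#!/bin/sh
# Added example, not from the thread. The readiness checks are an assumption
# about why a late start helps; the thread does not state the cause.

# Print KEY's value inside "conn NAME"; accepts "key=value" and "key = value".
conn_option() {  # conn_option FILE NAME KEY
    awk -v name="$2" -v key="$3" '
        /^[ \t]*#/   { next }
        /^[ \t]*$/   { next }
        /^conn[ \t]/ { in_conn = ($2 == name); next }
        /^[^ \t]/    { in_conn = 0; next }
        in_conn {
            line = $0; sub(/^[ \t]+/, "", line)
            eq = index(line, "="); if (eq == 0) next
            k = substr(line, 1, eq - 1); v = substr(line, eq + 1)
            gsub(/[ \t]+$/, "", k); gsub(/^[ \t]+|[ \t]+$/, "", v)
            if (k == key) { print v; exit }
        }' "$1"
}

# Run CMD until it succeeds: at most TRIES attempts, DELAY seconds apart.
retry() {  # retry TRIES DELAY CMD...
    tries=$1; delay=$2; shift 2
    while [ "$tries" -gt 0 ]; do
        if "$@"; then return 0; fi
        tries=$((tries - 1))
        if [ "$tries" -gt 0 ]; then sleep "$delay"; fi
    done
    return 1
}

# Start CONN once a default route exists and its right= hostname resolves.
start_when_ready() {  # start_when_ready CONN [CONF]
    conn=$1; conf=${2:-/etc/ipsec.conf}
    if [ "$(conn_option "$conf" "$conn" auto)" != add ]; then
        echo "$conn: expected auto=add in $conf" >&2; return 1
    fi
    peer=$(conn_option "$conf" "$conn" right)
    [ -n "$peer" ] || { echo "$conn: no right= found in $conf" >&2; return 1; }
    retry 30 2 sh -c 'ip route show default | grep -q .' || return 1
    retry 30 2 getent hosts "$peer" >/dev/null || return 1
    ipsec auto --start "$conn"
}

# Act only when called with a connection name, e.g. from a late boot unit.
if [ "$#" -ge 1 ]; then start_when_ready "$@"; fi
```
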