[Swan] Problem with using FQDN in left/right if it starts with a number

Cesare Leonardi celeonar at gmail.com
Tue Jan 19 22:48:54 UTC 2021


On 06/01/21 22:04, Paul Wouters wrote:
> Fixed with: 
> https://github.com/libreswan/libreswan/commit/2aa8f96b3ef24e03b286676985981400f3e1f5fa 
> 
> 
> will be in libreswan 4.2.

Hello, I'm not sure if it's covered by your commit or if it's something 
completely unrelated, but after upgrading from 3.32 to 4.1 (Debian 
testing), I see some non-fatal errors in pluto's log, like this:
=====
connection "bernibs-voda": bad right --id: illegal (non-DNS-name) character in name (ignored)
added IKEv1 connection "bernibs-voda"
=====

There are such errors for every connection that has a right value 
expressed as FQDN address. But in my case those names don't start with 
numbers and the corresponding connections work regularly.

To reproduce, try to create the following connection, restart ipsec and 
then check pluto's log:
=====
conn test
     auto=ondemand
     authby=secret
     left=192.168.10.22
     right=example.com
     #right=93.184.216.34
     rightsubnet=192.168.33.0/24
     ikev2=no
     ike=aes256-sha1;modp4096
     dpdaction=restart
     dpddelay=10
     dpdtimeout=30
     mtu=1400
=====

Now change right= from FQDN to IP address: for me the error message 
doesn't appear anymore.

Cesare.

