[Swan] Problem with using FQDN in left/right if it starts with a number
Paul Wouters
paul at nohats.ca
Sun Jan 24 19:23:37 UTC 2021
On Tue, 19 Jan 2021, Cesare Leonardi wrote:
>> https://github.com/libreswan/libreswan/commit/2aa8f96b3ef24e03b286676985981400f3e1f5fa
>>
>> will be in libreswan 4.2.
>
> Hello, I'm not sure if it's covered by your commit or if it's something
> completely unrelated, but after upgrading from 3.32 to 4.1 (Debian testing),
> I see some non-fatal errors in pluto's log, like this:
> =====
> connection "bernibs-voda": bad right --id: illegal (non-DNS-name) character
> in name (ignored)
> added IKEv1 connection "bernibs-voda"
> =====
>
> There are such errors for every connection that has a right value expressed
> as FQDN address. But in my case those names don't start with numbers and the
> corresponding connections work regularly.
>
> To reproduce, try to create the following connection, restart ipsec and then
> check pluto's log:
> =====
> conn test
>     auto=ondemand
>     authby=secret
>     left=192.168.10.22
>     right=example.com
>     #right=93.184.216.34
>     rightsubnet=192.168.33.0/24
>     ikev2=no
>     ike=aes256-sha1;modp4096
>     dpdaction=restart
>     dpddelay=10
>     dpdtimeout=30
>     mtu=1400
With current git I do not get any errors when I add this configuration
to my config and restart pluto.
Paul