Renaud Allard wrote:
Hello,
I have a gateway running 4.1-current with an ipsec configuration like
this one:
ike passive esp from 172.20.0.0/24 to 172.16.22.0/24 srcid eriador.org dstid erathia.be
ike passive esp from 172.20.0.0/24 to 192.168.0.0/24 srcid eriador.org dstid gaye.be
Both remote peers have dynamic IPs.
When I run with this configuration, only gaye.be works, erathia.be
does not.
If I swap the lines in the conf, erathia.be works.
Both remote ends have a config like this one:
ike esp from 192.168.0.0/24 to 172.20.0.0/24 srcid gaye.be dstid eriador.org peer eriador.org
I would expect both to work together, but it does not. Am I missing
something?
I forgot to mention that in the first config, my logs showed:
isakmpd[9065]: ike_phase_1_recv_ID: received remote ID other than expected gaye.be
and with the lines swapped:
isakmpd[29480]: ike_phase_1_recv_ID: received remote ID other than expected erathia.be
Removing the dstid part makes the config work. However, it's somewhat a
hole for me to allow everyone with a key to route the range he wants as
long as it is listed.