Re: [OpenIKED] Is it impossible to differentiate the policies by dstid?

2018-11-07 Thread Claudio Jeker
On Tue, Nov 06, 2018 at 05:42:08PM -0500, Daniel Ouellet wrote:
> The source ID does default yes, but I have a tunnel gateway for multiple
> VPN and I HAD to specify the dstid on the passive side as well or ONLY
> the last rule was picked up for the 0.0.0.0/0 of some of them as an
> example for

Re: [OpenIKED] Is it impossible to differentiate the policies by dstid?

2018-11-06 Thread Daniel Ouellet
The source ID does default yes, but I have a tunnel gateway for multiple VPN and I HAD to specify the dstid on the passive side as well or ONLY the last rule was picked up for the 0.0.0.0/0 of some of them as an example for all the traffic flowing via the VPN. Any overlapping routes were not

Re: [OpenIKED] Is it impossible to differentiate the policies by dstid?

2018-11-06 Thread 雷致强
Thanks for the input; however, I think srcid defaults to the hostname when it’s omitted. Explicitly setting it didn’t give me any luck.
> On Nov 7, 2018, at 2:33 AM, J Evans <3...@startmail.com> wrote:
>
> I am by no means an expert, but for my setup, in order to get multiple
> policies

Re: [OpenIKED] Is it impossible to differentiate the policies by dstid?

2018-11-06 Thread J Evans
I am by no means an expert, but for my setup, in order to get multiple policies working, I had to specify both srcid and dstid for each policy on the passive peer. And then I set srcid and dstid for the policies on the active peers.

Re: [OpenIKED] Is it impossible to differentiate the policies by dstid?

2018-11-05 Thread 雷致强
All incoming connections go to the “redheart” policy. “blackjack” users cannot connect. I’m using 6.4.

# iked -dv
set_policy: could not find pubkey for /etc/iked/pubkeys/fqdn/blackjack.local
ikev2 "blackjack" passive esp inet from 0.0.0.0/0 to 10.0.0.2 local 45.32.34.115 peer any ikesa

Re: [OpenIKED] Is it impossible to differentiate the policies by dstid?

2018-11-04 Thread Aaron Mason
What happens when you remove quick from both policies?
On Mon, Nov 5, 2018 at 7:00 AM 雷致强 wrote:
>
> OpenIKED is so great when I use one policy for all users. However, I’m having
> trouble when I try to apply different policies to different users.
> With the iked.conf that follows, iked seems to apply

[OpenIKED] Is it impossible to differentiate the policies by dstid?

2018-11-04 Thread 雷致强
OpenIKED is so great when I use one policy for all users. However, I’m having trouble when I try to apply different policies to different users. With the iked.conf that follows, iked seems to apply the “blackjack” policy to incoming connections only, which keeps the users of “redheart” out. ikev2