On 27/11/15 16:23, John Crisp wrote: > We are using 3.15 currently on CentOS6 and working on Libre-Libre > connections. > > We have a nice simple working setup with PSK that works well with static > IPs. The problems occur with a Dynamic 'Client/Host' I know this is not > a favoured solution but..... >
Awww damn - just noticed this for starters https://github.com/libreswan/libreswan/issues/27 "If using multiple connections with roadwarriors, ensure your end's ID is matched uniquely (so not the IP) You must use Aggressive Mode, not Main Mode, when using IKEv1 if you want the IKE connection to be able to use the ID to match a different secret. (aggrmode=yes) Of course, we strongly recommend not to use Aggressive Mode with PSK. You should strongly consider using X.509 certificates instead of PSKs" Probably out to set to ike v2 and try with leftid/rightid again ?
signature.asc
Description: OpenPGP digital signature
_______________________________________________ Swan mailing list [email protected] https://lists.libreswan.org/mailman/listinfo/swan
