On Fri, 27 Nov 2015, John Crisp wrote:

> We are using 3.15 currently on CentOS6 and working on Libre-Libre
> connections.
>
> We have a nice simple working setup with PSK that works well with static
> IPs. The problems occur with a Dynamic 'Client/Host' I know this is not
> a favoured solution but.....
>
> First is matching identities. I have tried a variety of combinations of
> DPD actions/Timeouts etc and things like
>
> right=%any
> rightid=remote.dyndns.org
> [email protected]

You should use the DNS name (or %any/%defaultroute) for the right/left and
the syntax with the @ for the ID (to prevent the ID from being resolved
as a hostname).

> It seems the ID from the Dynamic host does not match the secret but I

If you use [email protected] and [email protected] then
use in ipsec.secrets:

@remote.dyndns.org @local.dyndns.org : PSK "yoursecret"

Note that if your local IP changes, you must run:

ipsec whack --listen
ipsec auto --replace yourconn
(and ipsec auto --up yourconn if you want to start it right away)

Paul
_______________________________________________
Swan mailing list
[email protected]
https://lists.libreswan.org/mailman/listinfo/swan
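
A consistency check for the advice in the reply above, as an added example that is not part of the original thread and not libreswan code: it flags conn IDs written without the @ prefix and conns whose leftid/rightid pair has no PSK line in ipsec.secrets. The sample files, the conn names and all function names are constructed for illustration, and the matching is a simplified exact-string comparison (IPv4 and @name IDs only), not libreswan's own secret lookup.

```python
import re
# Constructed sample files (not from the thread); IDs follow the reply above.
IPSEC_CONF = """\
conn dyn-ok
    left=%defaultroute
    leftid=@local.dyndns.org
    right=remote.dyndns.org
    rightid=@remote.dyndns.org

conn dyn-bad
    left=%defaultroute
    leftid=@local.dyndns.org
    right=%any
    rightid=other.dyndns.org
"""
IPSEC_SECRETS = '@remote.dyndns.org @local.dyndns.org : PSK "yoursecret"\n'

def parse_conns(text):
    """Return {conn_name: {key: value}} for each 'conn' section."""
    conns, cur = {}, None
    for line in text.splitlines():
        line = line.split("#", 1)[0].rstrip()   # drop comments
        m = re.match(r"conn\s+(\S+)", line)
        if m:
            cur = conns.setdefault(m.group(1), {})
        elif cur is not None and "=" in line:
            key, value = line.strip().split("=", 1)
            cur[key.strip()] = value.strip()
    return conns

def parse_psk_ids(text):
    """Return one set of IDs for every PSK line in ipsec.secrets."""
    hits = (re.match(r'\s*([^:#]*?)\s*:\s*PSK\s+"', l) for l in text.splitlines())
    return [set(m.group(1).split()) for m in hits if m]

def is_bare_name(ident):
    """True for an ID that is neither @name, %keyword nor an IPv4 address."""
    return not ident.startswith(("@", "%")) and not re.fullmatch(r"[\d.]+", ident)

def check(conf, secrets):
    """Return {conn: [problems]} using simplified exact-string ID matching."""
    psk, report = parse_psk_ids(secrets), {}
    for name, kv in parse_conns(conf).items():
        ids = [kv.get("leftid"), kv.get("rightid")]
        probs = [f"{i}: no '@', would be resolved as a hostname" for i in ids if i and is_bare_name(i)]
        if None in ids or not any(set(ids) <= entry for entry in psk):
            probs.append("no PSK line lists both IDs")
        report[name] = probs
    return report
```

Calling `check(IPSEC_CONF, IPSEC_SECRETS)` returns an empty problem list for `dyn-ok` and two problems for `dyn-bad`.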
