On Mon, 11 Sep 2017, Whit Blauvelt wrote:

judgment by pluto:

 Sep 11 09:54:20 nyfw1 pluto[9960]: adding interface enp2s0f1/enp2s0f1 <public IP>:500
 Sep 11 09:54:20 nyfw1 pluto[9960]: adding interface enp2s0f1/enp2s0f1 <public IP>:4500

Again looking between the older Openswan system which is similarly using a
public IP which is one of many on a WAN interface without complaint, and
this Libreswan system where pluto thinks it's not "usable," I see no
significant difference. In both cases, it's an IP from the middle of the
range on the interface. Googling I find this error message goes back over a
decade. But I can't find an instance yet where there's a solution that
corresponds to my circumstance.

Pluto sees the interface; it sees the public IP on it; it's a good public
IP; it can even receive the IPsec initialization request from the AWS end
(which, unlike this one, is behind a NAT). So it looks very much like pluto
should accept the IP, not refuse to run with it based on unstated criteria.
At the very least, it should throw an error message which gives the reason
for its judgment.

"man pluto" gives no definition of a "usable" IP. Is there one somewhere?

If the IP was added after pluto was started, run "ipsec whack --listen"

Paul
_______________________________________________
Swan mailing list
[email protected]
https://lists.libreswan.org/mailman/listinfo/swan
