On Mon, 11 Sep 2017, Whit Blauvelt wrote:

> On Mon, Sep 11, 2017 at 11:01:26AM -0400, Paul Wouters wrote:
>> On Mon, 11 Sep 2017, Whit Blauvelt wrote:
>>
>>> Sep 11 09:54:20 nyfw1 pluto[9960]: adding interface enp2s0f1/enp2s0f1 <public IP>:500
>>> Sep 11 09:54:20 nyfw1 pluto[9960]: adding interface enp2s0f1/enp2s0f1 <public IP>:4500
>>
>> If the IP was added after pluto was started, run "ipsec whack --listen"
>
> Thanks Paul. The IP was there before pluto was started, but tried "ipsec
> whack --listen" anyway.
>
> Still the same. The two lines above show, so it's finding the IP, but then:
>
> Sep 11 11:07:26 nyfw1 pluto[6124]: "amazonwest": We cannot identify ourselves with either end of this connection.  172.17.10.3 or <public IP> are not usable
>
> Is there any way to override pluto and force it to accept the IP as usable?

Well, if the IP is not local on the machine, it cannot be used to build
a packet with that source address.

If you are on dynamic IP, you probably want to use left=%defaultroute
instead. If you are behind NAT, you need to use the local IP configured
on the host (not the public IP used on the upstream NAT gateway) as
your left= but you might then want to use leftid=publicip.

Paul
_______________________________________________
Swan mailing list
[email protected]
https://lists.libreswan.org/mailman/listinfo/swan
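
The advice in the reply above, turned into a pre-flight check. This is an added example, not part of the original thread and not libreswan code: it reads a conn's left= and right= values and reports which end, if any, is an address configured on the host. The conn name `example`, the function names and all addresses (documentation ranges) are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not libreswan code. Addresses and conn name are constructed.

# local_addrs: read `ip -o addr show` output on stdin, print one address per line.
local_addrs() {
    awk '{ for (i = 1; i < NF; i++) if ($i ~ /^inet6?$/) { split($(i + 1), a, "/"); print a[1] } }'
}

# conn_end CONF CONN KEY: print the value of KEY (e.g. left) inside "conn CONN".
conn_end() {
    printf '%s\n' "$1" | awk -v conn="$2" -v key="$3" '
        $1 == "conn" { in_conn = ($2 == conn); next }
        in_conn {
            line = $0; sub(/#.*/, "", line); gsub(/[ \t]/, "", line)
            n = index(line, "=")
            if (n && substr(line, 1, n - 1) == key) { print substr(line, n + 1); exit }
        }'
}

# which_end CONF CONN ADDRS: print the side (left/right) whose address is local,
# or "none", the case where neither end can be matched to this host.
which_end() {
    for side in left right; do
        val=$(conn_end "$1" "$2" "$side")
        # %defaultroute resolves to a local address
        # (assumes the host has a default route).
        if [ "$val" = "%defaultroute" ]; then echo "$side"; return 0; fi
        if [ -n "$val" ] && printf '%s\n' "$3" | grep -qxF -- "$val"; then
            echo "$side"; return 0
        fi
    done
    echo none; return 1
}

# Constructed host behind NAT: 192.0.2.10 is configured locally,
# 203.0.113.5 exists only on the upstream NAT gateway.
ADDRS=$(printf '%s\n' \
    '1: lo    inet 127.0.0.1/8 scope host lo' \
    '2: eth0    inet 192.0.2.10/24 brd 192.0.2.255 scope global eth0' | local_addrs)

BAD='conn example
    left=203.0.113.5        # public IP of the NAT gateway, not on this host
    right=198.51.100.7'
GOOD='conn example
    left=192.0.2.10         # address actually configured on the host
    leftid=203.0.113.5      # identity presented to the peer
    right=198.51.100.7'
echo "bad:  $(which_end "$BAD" example "$ADDRS")"
echo "good: $(which_end "$GOOD" example "$ADDRS")"
```

On a live host, feed `ip -o addr show` into `local_addrs` in place of the constructed sample lines.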