Hi Paul

On 30/11/17 15:14, Paul Wouters wrote:
> On Fri, 24 Nov 2017, John Crisp wrote:
> >
> The issue here is that LibreToDHCP overlaps with LibreToMain because one
> has right=1.2.3.4 and the other has right=%any. But the IDs used
> are the same on both connections. Why can you not _only_ use the
> LibreToDHCP connection, since 1.2.3.4 can also be "any". That way, the
> connection will see a second attempt as replacing the existing
> connection, and you won't get "eroute already in use".
>
Thanks for that.
I was trying to be security-conscious and pin the right to the correct
addresses where I could!

Unfortunately I can't see a way to make the Endian box use different
certs for outgoing connections, hence the rightcert HAS to be "Endian".

As an extra then, if I run ipsec/xl2tpd on the same server, will there
be any confusion over right being %any? I presume so.....

e.g. If I also have an L2TPD ipsec transport connection like this:
conn L2TPD-PSK
    authby=secret          # PSK, not the certificate auth used by the tunnel conns
    pfs=no
    auto=add
    keyingtries=3
    rekey=no
    type=transport         # transport mode, not tunnel
    forceencaps=yes
    right=%any
    rightprotoport=17/%any # UDP from any client port
    left=%defaultroute
    leftprotoport=17/1701  # UDP 1701, the L2TP port
    dpddelay=20
    dpdtimeout=90
    dpdaction=clear
Not sure how else to differentiate connections with %any
B. Rgds
John
_______________________________________________ Swan mailing list [email protected] https://lists.libreswan.org/mailman/listinfo/swan
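The overlap Paul describes, and the question of whether an L2TP transport conn with right=%any collides with it, can be checked with a small linter before loading the config. The following is an added example written for this thread; it is not libreswan code, and the matching rule it encodes is an assumption that approximates how a responder tells conns apart (same authentication method, same peer ID, overlapping peer address where a fixed IP is also matched by %any, same type, same protoport selectors). The conn names mirror the thread; the ID "@endian" and the two config texts are constructed for the example.

```python
"""Heuristic overlap check for libreswan-style ipsec.conf 'conn' sections.

Added example, not libreswan's own code.  The rule is an assumption: two
conns collide when the peer is indistinguishable from the responder's side,
i.e. same authby, same peer ID, overlapping 'right' (a fixed IP is also
matched by %any), same type and the same leftprotoport/rightprotoport.
"""
import re

# Constructed sample mirroring the thread: two cert conns that differ only
# in 'right', plus the L2TP transport conn.  The ID '@endian' is made up.
OVERLAPPING_CONF = """\
conn LibreToMain
    authby=rsasig
    type=tunnel
    left=%defaultroute
    right=%any
    rightid=@endian
    auto=add

conn LibreToDHCP
    authby=rsasig
    type=tunnel
    left=%defaultroute
    right=1.2.3.4
    rightid=@endian
    auto=add

conn L2TPD-PSK
    authby=secret
    type=transport
    forceencaps=yes
    left=%defaultroute
    leftprotoport=17/1701
    right=%any
    rightprotoport=17/%any
    auto=add
"""

# Same setup with the two cert conns collapsed into a single right=%any conn,
# which is the resolution suggested in the thread.
MERGED_CONF = """\
conn LibreToEndian
    authby=rsasig
    type=tunnel
    left=%defaultroute
    right=%any
    rightid=@endian
    auto=add

conn L2TPD-PSK
    authby=secret
    type=transport
    forceencaps=yes
    left=%defaultroute
    leftprotoport=17/1701
    right=%any
    rightprotoport=17/%any
    auto=add
"""

def parse_conns(text):
    """Return {conn_name: {key: value}} for the 'conn' sections in text."""
    conns, current = {}, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()      # drop comments and blank lines
        if not line:
            continue
        m = re.match(r"^conn\s+(\S+)$", line)
        if m:
            current = m.group(1)
            conns[current] = {}
        elif current is not None and "=" in line:
            key, _, value = line.partition("=")
            conns[current][key.strip()] = value.strip()
    return conns

def peer_selector(conn):
    """Fields, other than the peer address, that let a responder tell conns apart."""
    return (
        conn.get("authby", "rsasig"),                    # libreswan's default authby
        conn.get("type", "tunnel"),
        conn.get("rightid", conn.get("right", "%any")),  # ID falls back to the address
        conn.get("leftprotoport", "0/0"),
        conn.get("rightprotoport", "0/0"),
    )

def addresses_overlap(a, b):
    """%any matches any peer address, so it overlaps every fixed 'right'."""
    return a == "%any" or b == "%any" or a == b

def find_overlaps(conns):
    """Sorted name pairs that the heuristic says would collide on the responder."""
    names, hits = sorted(conns), []
    for i, n1 in enumerate(names):
        for n2 in names[i + 1:]:
            c1, c2 = conns[n1], conns[n2]
            if peer_selector(c1) == peer_selector(c2) and addresses_overlap(
                    c1.get("right", "%any"), c2.get("right", "%any")):
                hits.append((n1, n2))
    return hits

if __name__ == "__main__":
    for label, conf in (("overlapping", OVERLAPPING_CONF), ("merged", MERGED_CONF)):
        print(label, find_overlaps(parse_conns(conf)))
```

Run against the first config it reports only the LibreToDHCP/LibreToMain pair; the L2TPD-PSK conn is left alone because authby=secret, type=transport and the 17/1701 protoport already make it a different peer from the responder's point of view, so right=%any on both is not what causes the clash. The merged config reports nothing.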
