Thank you Paul. So, seems it cannot be more tolerant if right !=%any. Right? In our case, we do provide both left and right with specific IP.
Thanks, Xinwei On Thu, Apr 26, 2018 at 2:01 PM, Paul Wouters <[email protected]> wrote: > On Thu, 26 Apr 2018, Xinwei Hong wrote: > > Currently, 'rightid' is default to 'left'. However, a lot of time the >> remote peer software cannot send out correct rightid (e.g. internal private >> IP >> was used). When we were using racoon, racoon seems to be more tolerant >> and works OK when rightid mismatches. With pluto, we would have to specific >> rightid= whatever the other end sends. Is there a global switch that we >> can turn libreswan to have similar behavior as racoon, i.e. be more tolerant >> with rightid? >> > > We already did that when specifying right=%any and authby=secret. We > know this really means a "group PSK" where ID of IP makes no sense. > > But that code is post 3.23 so please try either a pre-release from > download.libreswan.org/development/ or wait a couple of days for 3.24 ? > > Paul >
_______________________________________________ Swan mailing list [email protected] https://lists.libreswan.org/mailman/listinfo/swan
