Hi,
I'm running Linux Libreswan 3.15 (netkey) on 2.6.32-754.2.1.el6.x86_64.
I have two connections on east:
conn test#0.0.0.0/0
    type=transport
    authby=null
    leftid=@mesh
    rightid=@mesh
    left=%defaultroute
    right=0.0.0.0
    negotiationshunt=hold
    failureshunt=drop
    ikev2=insist
    auto=add
    dpddelay=1
    dpdtimeout=3
    dpdaction=restart
    rekey=yes
    retransmit-timeout=5
    narrowing=yes

conn conman-pool-server
    type=tunnel
    authby=null
    leftid=@server
    rightid=@client
    left=%defaultroute
    leftsubnet=192.168.99.0/24
    leftsourceip=192.168.99.9
    right=10.1.190.120/29
    rightaddresspool=192.168.99.10-192.168.99.254
    negotiationshunt=hold
    failureshunt=drop
    ikev2=insist
    dpddelay=1
    dpdtimeout=3
    dpdaction=restart
    rekey=yes
    retransmit-timeout=5
    forceencaps=yes
    leftmodecfgserver=yes
    rightmodecfgclient=yes
    modecfgpull=yes

On west, I have the following connection:
conn conman-pool-client
    type=tunnel
    authby=null
    leftid=@client
    rightid=@server
    left=%defaultroute
    right=10.1.190.78
    rightsubnet=192.168.99.0/24
    negotiationshunt=hold
    failureshunt=drop
    ikev2=insist
    auto=route
    dpddelay=1
    dpdtimeout=3
    dpdaction=restart
    rekey=yes
    retransmit-timeout=5
    forceencaps=yes
    leftmodecfgclient=yes
    rightmodecfgserver=yes
    modecfgpull=yes

When the connection is initiated by west, it matches test#0.0.0.0/0 on
east, which is not what I would expect. I would have thought the mismatched
left/right IDs would have caused the system to find a better match -
conman-pool-server. Am I missing something here?
Best regards,
Matt