On Wed, 12 Sep 2018, Matthew Johnson wrote:
> I have two connections on east.
>
> conn test#0.0.0.0/0
>     type=transport
>     authby=null
>     leftid=@mesh
>     rightid=@mesh

Both sides cannot have the same ID.

>     left=%defaultroute
>     right=0.0.0.0

0.0.0.0 is %any, I would write it as %any.

> When the connection is initiated by west, it matches test#0.0.0.0/0 on east,
> which is not what I would expect. I would have thought the mismatched
> left/right IDs would have caused the system to find a better match -
> conman-pool-server. Am I missing something here?

Are you sure? The initial IKE_INIT exchange of packets can match on any
connection where %any is in use. It will be refined on the second packet
exchange (IKE_AUTH) and it can then "switch" connection.

But regardless, the test connection is wrongly using the same ID for
both ends of the connection.

Paul