Re: [Swan] net-to-net for road warriors

Nick Howitt Wed, 23 Jan 2019 08:10:34 -0800

Try adding a line "interfaces=%defaultroute" to config setup.


On 23/01/2019 16:04, Alex wrote:

Hi,

I've now tried to do it using RSA keys, but it has a problem with the
"%any" statement:

I forgot to add the ipsec auto output that shows it has a problem with %any:

config setup
         protostack=netkey

conn mysubnet
         also=wyckofftun
         rightsubnet=192.168.11.0/24
         leftsubnet=192.168.1.0/24
         auto=start

conn wyckofftun
         authby=rsasig
         auto=start
         ikev2=insist
         fragmentation=yes

         # dynamic side
         rightid=@wyckoff-orion
         right=%any
         # rsakey AwEAAbhmG
         rightrsasigkey=0sAwEAAbhmGOeY6...

         # server side
         leftid=@orion-wyckoff
         left=%defaultroute
         # rsakey AwEAAbrFz
         leftrsasigkey=0sAwEAAbrFzHlMRChBGKU...

# ipsec auto --up wyckofftun
029 "wyckofftun": cannot initiate connection without knowing peer IP
address (kind=CK_TEMPLATE)
036 failed to initiate wyckofftun
_______________________________________________
Swan mailing list
Swan@lists.libreswan.org
https://lists.libreswan.org/mailman/listinfo/swan


_______________________________________________
Swan mailing list
Swan@lists.libreswan.org
https://lists.libreswan.org/mailman/listinfo/swan

Re: [Swan] net-to-net for road warriors

Reply via email to