Try adding a line "interfaces=%defaultroute" to config setup.
On 23/01/2019 16:04, Alex wrote:
Hi,
I've now tried to do it using RSA keys, but it has a problem with the
"%any" statement:
I forgot to add the ipsec auto output that shows it has a problem with %any:
config setup
protostack=netkey
conn mysubnet
also=wyckofftun
rightsubnet=192.168.11.0/24
leftsubnet=192.168.1.0/24
auto=start
conn wyckofftun
authby=rsasig
auto=start
ikev2=insist
fragmentation=yes
# dynamic side
rightid=@wyckoff-orion
right=%any
# rsakey AwEAAbhmG
rightrsasigkey=0sAwEAAbhmGOeY6...
# server side
leftid=@orion-wyckoff
left=%defaultroute
# rsakey AwEAAbrFz
leftrsasigkey=0sAwEAAbrFzHlMRChBGKU...
# ipsec auto --up wyckofftun
029 "wyckofftun": cannot initiate connection without knowing peer IP
address (kind=CK_TEMPLATE)
036 failed to initiate wyckofftun
_______________________________________________
Swan mailing list
Swan@lists.libreswan.org
https://lists.libreswan.org/mailman/listinfo/swan
_______________________________________________
Swan mailing list
Swan@lists.libreswan.org
https://lists.libreswan.org/mailman/listinfo/swan