# ipsec auto --up wyckofftun
029 "wyckofftun": cannot initiate connection without knowing peer IP
You cannot use right=%any and left=%defaultroute, as then libreswan
cannot determine whether it is supposed to be "right" or "left".
I've used it for years and mention it each time you make this statement.
Regardless, if you initiate, you must know the remote endpoint's DNS
name or IP address. If one endpoint is behind NAT, only that endpoint
can initiate. Unless it is behind a NAT that does port forwarding, in
wich case your right= should be the hostname or IP address of the NAT
device.
Initiating a connection to "any" does not provide information where your
remote endpoint actually is......
Missed that. On the server side "auto" should be set to "add"
Nick
_______________________________________________
Swan mailing list
[email protected]
https://lists.libreswan.org/mailman/listinfo/swan
