On Wed, 23 Jan 2019, Nick Howitt wrote:

# ipsec auto --up wyckofftun
 029 "wyckofftun": cannot initiate connection without knowing peer IP

 You cannot use right=%any and left=%defaultroute, as then libreswan
 cannot determine whether it is supposed to be "right" or "left".

I've used it for years and mention it each time you make this statement.

I agree in some cases it works to load and you can possibly respond to
a connection. In general, it is easier to tell people not to do that.
For example, if not using leftid= and behind a portforward, using
left=%defaultroute will end up using a leftid=INTERNAL_IP which is bad.

But yes, if you are careful, it can be used on the server side, but it
can never be used on the client side.

 Initiating a connection to "any" does not provide information where your
 remote endpoint actually is......

Missed that. On the server side "auto" should be set to "add"

yes, and running ipsec auto --up won't work.

Paul
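
The checks discussed in this thread can be automated. The following is an added example, not part of the original messages and not libreswan code: a small linter that flags conn sections where the peer is %any but the connection is set to initiate, and where %defaultroute is used without an explicit ID. The sample configuration, conn names and function names are constructed for illustration; `also=` includes and `conn %default` inheritance are not resolved.

```python
import re

# Constructed sample configuration, not taken from the thread.
SAMPLE_CONF = """\
conn server-side
    left=%defaultroute
    leftid=@vpn.example.test
    right=%any
    auto=add

conn client-side
    left=%defaultroute
    right=%any
    auto=start
"""

def parse_conns(text):
    """Return {conn_name: {key: value}} for each 'conn' section."""
    conns, current = {}, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()      # drop comments (simplified)
        if not line.strip():
            continue
        m = re.match(r"conn\s+(\S+)$", line)
        if m:
            current = conns.setdefault(m.group(1), {})
        elif line[0] in " \t" and current is not None and "=" in line:
            key, value = line.strip().split("=", 1)
            current[key.strip()] = value.strip()
        else:
            current = None                        # e.g. 'config setup'
    return conns

def lint(conns):
    """Return (conn_name, message) pairs for the two pitfalls in the thread."""
    findings = []
    for name, c in conns.items():
        # A %any peer gives no address to initiate to: respond only (auto=add).
        if "%any" in (c.get("left"), c.get("right")) and \
                c.get("auto") in ("start", "ondemand", "route"):
            findings.append((name, "peer is %any, cannot initiate; use auto=add"))
        # Without an explicit ID, %defaultroute yields the interface IP as ID,
        # which is the internal address when behind a port forward.
        for side in ("left", "right"):
            if c.get(side) == "%defaultroute" and side + "id" not in c:
                findings.append((name, f"{side}=%defaultroute without {side}id"))
    return findings

if __name__ == "__main__":
    for name, msg in lint(parse_conns(SAMPLE_CONF)):
        print(f"{name}: {msg}")
```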