On Mon, 9 Mar 2020, Rian Aldridge wrote:

Unfortunately the reason for moving to libreswan was its availability in
stock AWS Linux2, currently version 3.25. Best I can find in a CentOS repo
is 3.29 - looks like even if I get this working it'll be unsupported for a
long time, so not really an option for business usage.

We publish CentOS 6/7/8 binaries on download.libreswan.org

The site2sites (i.e. PSK) are static and their IP is added to the conf
section (AWS %localhost and rightip=1.2.3.4), but the remote ends are
turnkey devices so I cannot make them add an IDr payload.

Hmm ok.

The roadwarriors are Mac native VPN clients so even less opportunity to do
anything else.

If the Macs are configured with the remote ID for VPN server set, they
will send IDR payloads.

Any clever trick that might work in the 3.25 server version? I tried
setting PSK to IKEv1 and certs to IKEv2, which surprisingly worked for
concurrent connections for about 5 minutes before crashing and burning and
needing the AWS server to be soft rebooted, so who knows what happened
there....

I wonder what happened there.....

You can try and change the ordering of the conns; that will affect which
one is loaded first and tried first?

Paul