Hi guys
ipsec version:
Linux Libreswan 3.23 (netkey) on 4.15.0-64-generic
I get the following issue when I have the following configuration file:
conn FortigateIPSEC
    keyexchange=ike
    ike="aes256-sha256-modp2048"
    esp="aes256-sha256-modp2048"
    leftcert="<removed>"
    leftsendcert=always
    leftrsasigkey=%cert
    leftid=%fromcert
    left=%defaultroute
    leftnexthop=%defaultroute
    type=tunnel
    pfs=yes
    aggressive=yes
    ikev2=yes
    right=domain-name-of-my-firewall
    rightsubnet=x.x.x.x/x
    rightid=%fromcert
    rightrsasigkey=%cert
    auto = start
    salifetime = 43200
The issue is with:
    left=%defaultroute
    right=the-real-domain-name-of-my-firewall
Sep 30 10:07:19 gns3 pluto[24775]: "FortigateIPSEC": We cannot identify ourselves with either end of this connection. 2xx.1xx.2xx.1xx or 0.0.0.0 are not usable
I obscured the IP address for privacy.
It works if I replace the domain name with the IPv4 address. The domain name
resolves correctly.