I ran into a very similar problem with this version and the fix was to change auto=start to auto=add and then start the connection from a script with 'ipsec auto --start my-conn' at the end of my boot process.
I ran into DIFFERENT problems after that, but that's a separate issue. 🙂

https://lists.libreswan.org/pipermail/swan/2018/002532.html

HTH,
Scott

________________________________
From: Swan <[email protected]> on behalf of Bo Osmann Erichsen <[email protected]>
Sent: September 30, 2020 8:12 AM
To: [email protected] <[email protected]>
Subject: Re: [Swan] left=%defaultroute and right=my.dns.name does not work.

Hi guys

ipsec version: Linux Libreswan 3.23 (netkey) on 4.15.0-64-generic

I get the following issue when I have the following configuration file:

conn FortigateIPSEC
    keyexchange=ike
    ike="aes256-sha256-modp2048"
    esp="aes256-sha256-modp2048"
    leftcert="<removed>"
    leftsendcert=always
    leftrsasigkey=%cert
    leftid=%fromcert
    left=%defaultroute
    leftnexthop=%defaultroute
    type=tunnel
    pfs=yes
    aggressive=yes
    ikev2=yes
    right=domain-name-of-my-firewall
    rightsubnet=x.x.x.x/x
    rightid=%fromcert
    rightrsasigkey=%cert
    auto = start
    salifetime = 43200

The issue is with:

    left=%defaultroute
    right=the-real-domain-name-of-my-firewall

Sep 30 10:07:19 gns3 pluto[24775]: "FortigateIPSEC": We cannot identify ourselves with either end of this connection. 2xx.1xx.2xx.1xx or 0.0.0.0 are not usable

I obscured the IP address for privacy.

It works if I replace the domain name with the IPv4 address. The domain name resolves correctly.
_______________________________________________
Swan mailing list
[email protected]
https://lists.libreswan.org/mailman/listinfo/swan
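A sketch of the boot-time workaround described in the reply above (auto=add in the conn, then 'ipsec auto --start' from a script), added here as an example and not taken from the thread. The readiness checks (an IPv4 default route exists, the peer name resolves), the retry counts, and the names my-conn and vpn.example.net are assumptions; the thread does not confirm the root cause.

```shell
#!/bin/sh
# Added example: start a libreswan connection that is loaded with auto=add
# only once the network looks ready. CONN and PEER are placeholders.
CONN="${CONN:-my-conn}"
PEER="${PEER:-vpn.example.net}"   # hypothetical peer DNS name (right=)

# True when the kernel has an IPv4 default route, which left=%defaultroute needs.
have_default_route() {
    [ -n "$(ip -4 route show default 2>/dev/null)" ]
}

# True when the peer name resolves through the system resolver.
peer_resolves() {
    getent hosts "$1" >/dev/null 2>&1
}

# retry TRIES DELAY CMD [ARGS...]: run CMD until it succeeds or TRIES run out.
retry() {
    tries=$1; delay=$2; shift 2
    while [ "$tries" -gt 0 ]; do
        "$@" && return 0
        tries=$((tries - 1))
        [ "$tries" -gt 0 ] && sleep "$delay"
    done
    return 1
}

# Wait for both preconditions, then bring the connection up.
# Returns 2 if no default route appeared, 3 if the peer never resolved.
start_conn() {
    retry 30 2 have_default_route || { echo "no default route" >&2; return 2; }
    retry 30 2 peer_resolves "$PEER" || { echo "$PEER does not resolve" >&2; return 3; }
    ipsec auto --start "$CONN"
}

# Run only when invoked with --run, so the functions can also be sourced.
if [ "${1:-}" = "--run" ]; then
    start_conn
fi
```

Call it with --run from the last stage of boot; a non-zero exit tells you which precondition never became true instead of leaving pluto to log the "cannot identify ourselves" error.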
