Maybe you are looking for left=%defaultroute ? IIRC this causes the left IP address to be the IP address of the interface which has the default route.
On Tue, 2012-10-02 at 00:17 -0700, Guru Shetty wrote: > Hello All, > I am using strongswan 4.5.2-1.2(charon) and PSK authentication. > The problem I am facing is quite straight forward. I know the remote > IP(192.168.0.2) address to put in the ipsec.conf. But I do not know > the local IP address and want it to be automatically figured out. > > Looking at the ipsec.conf man page, says left=%any should do the job. > But it does not. Some handshaking messages are exchanged first, but > then it errors out with the following message in the log file: > > Oct 1 23:56:10 moon charon: 15[NET] sending packet: from > 192.168.0.1[4500] to 192.168.0.2[4500] > Oct 1 23:56:10 moon charon: 08[NET] received packet: from > 192.168.0.2[4500] to 192.168.0.1[4500] > Oct 1 23:56:10 moon charon: 08[ENC] parsed IKE_AUTH response 1 [ > N(AUTH_FAILED) ] > Oct 1 23:56:10 moon charon: 08[IKE] received AUTHENTICATION_FAILED notify > error > > I know that I am missing something. Searching the archives did not > give out a clear answer (I tried out setting a random leftid etc) > > My ipsec.secrets: > : PSK "guru" > > I have also tried with > %any 192.168.0.2 : PSK "guru" > > Summary of my ipsec.conf > config setup > nat_traversal=no > charonstart=yes > plutostart=no > > conn %default > ikelifetime=60m > keylife=20m > rekeymargin=3m > keyingtries=1 > authby=psk > keyexchange=ikev2 > installpolicy=yes > > conn sample-self-signed > ike=aes-sha1-modp1024,aes-md5-modp1024 > esp=aes128gcm16-modp2048,aes-sha1-modp1024,aes-md5-modp1024 > type=transport > left=%any > right=192.168.0.2 > auto=start > > > Replacing "%any" by 192.168.0.1 works fine. But that is not what I want. > Please help. > > Thanks, > Guru > > _______________________________________________ > Users mailing list > [email protected] > https://lists.strongswan.org/mailman/listinfo/users _______________________________________________ Users mailing list [email protected] https://lists.strongswan.org/mailman/listinfo/users
