On 2 October 2012 00:51, Richard Andrews <[email protected]> wrote:
> Maybe you are looking for left=%defaultroute ?
>
> IIRC this causes the left IP address to be the IP address of the
> interface which has the default route.

I did try this. But when I use %defaultroute, it seems to pick the "default gateway" in the routing table instead of the interface from which the destination is actually reachable.

As I wrote in a different mail, "left=%any" works in 4.6.4.

Thanks,
Guru

>
>
> On Tue, 2012-10-02 at 00:17 -0700, Guru Shetty wrote:
>> Hello All,
>> I am using strongswan 4.5.2-1.2(charon) and PSK authentication.
>> The problem I am facing is quite straightforward. I know the remote
>> IP (192.168.0.2) address to put in the ipsec.conf. But I do not know
>> the local IP address and want it to be automatically figured out.
>>
>> Looking at the ipsec.conf man page, it says left=%any should do the job.
>> But it does not. Some handshaking messages are exchanged first, but
>> then it errors out with the following message in the log file:
>>
>> Oct 1 23:56:10 moon charon: 15[NET] sending packet: from 192.168.0.1[4500] to 192.168.0.2[4500]
>> Oct 1 23:56:10 moon charon: 08[NET] received packet: from 192.168.0.2[4500] to 192.168.0.1[4500]
>> Oct 1 23:56:10 moon charon: 08[ENC] parsed IKE_AUTH response 1 [ N(AUTH_FAILED) ]
>> Oct 1 23:56:10 moon charon: 08[IKE] received AUTHENTICATION_FAILED notify error
>>
>> I know that I am missing something. Searching the archives did not
>> give out a clear answer (I tried out setting a random leftid etc.)
>>
>> My ipsec.secrets:
>> : PSK "guru"
>>
>> I have also tried with
>> %any 192.168.0.2 : PSK "guru"
>>
>> Summary of my ipsec.conf
>> config setup
>>     nat_traversal=no
>>     charonstart=yes
>>     plutostart=no
>>
>> conn %default
>>     ikelifetime=60m
>>     keylife=20m
>>     rekeymargin=3m
>>     keyingtries=1
>>     authby=psk
>>     keyexchange=ikev2
>>     installpolicy=yes
>>
>> conn sample-self-signed
>>     ike=aes-sha1-modp1024,aes-md5-modp1024
>>     esp=aes128gcm16-modp2048,aes-sha1-modp1024,aes-md5-modp1024
>>     type=transport
>>     left=%any
>>     right=192.168.0.2
>>     auto=start
>>
>>
>> Replacing "%any" by 192.168.0.1 works fine. But that is not what I want.
>> Please help.
>>
>> Thanks,
>> Guru
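
Added example, not part of the thread and not strongSwan code: a Python model of the two address selections discussed above, the address of the interface holding the default route (what %defaultroute is described as picking) versus the address on the route that actually reaches the peer. The routing table, interface names and 10.0.0.x addresses are constructed; only 192.168.0.1 and 192.168.0.2 come from the thread.

```python
import ipaddress

# Constructed routing table for a multi-homed host (assumed for illustration):
# (destination prefix, outgoing interface, local address on that interface)
ROUTES = [
    ("0.0.0.0/0",      "eth0", "10.0.0.5"),     # default route
    ("10.0.0.0/24",    "eth0", "10.0.0.5"),
    ("192.168.0.0/24", "eth1", "192.168.0.1"),  # directly connected to the peer
]

def _parsed(routes):
    return [(ipaddress.ip_network(p), ifc, a) for p, ifc, a in routes]

def default_route_address(routes):
    """Local address of the interface that carries the default route."""
    for net, _ifc, addr in _parsed(routes):
        if net.prefixlen == 0:
            return addr
    return None

def source_address_for(peer, routes):
    """Local address on the most specific route that covers the peer."""
    peer = ipaddress.ip_address(peer)
    matches = [(net.prefixlen, addr) for net, _ifc, addr in _parsed(routes)
               if net.version == peer.version and peer in net]
    if not matches:
        return None  # peer is not reachable at all
    return max(matches)[1]  # longest prefix wins

def audit_left(peer, routes):
    """Report whether the default-route address is usable as left= for this peer."""
    by_default = default_route_address(routes)
    by_route = source_address_for(peer, routes)
    return {
        "peer": peer,
        "default_route_address": by_default,
        "routed_source_address": by_route,
        "mismatch": by_default != by_route,
    }

if __name__ == "__main__":
    # Peer address taken from the thread's right= setting.
    print(audit_left("192.168.0.2", ROUTES))
```

A mismatch means the peer would see packets from one address while the connection was configured with another, which is the situation the reply describes for a multi-homed host.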
