[strongSwan] leftid in "non-default conn" ignored
Diego Woitasen
diego at woitasen.com.ar
Thu Dec 1 21:36:06 CET 2011
Hi,
Today I was trying a strongSwan setup and discovered that the
leftid parameter is ignored if you set it outside of "conn
%default", and the cert DN is used as the ID.
For example:
conn LabMPLS-site1
    ike=aes128-sha1-modp2048!
    esp=aes128-sha1-modp2048!
    left=172.16.1.129
    right=%any
    rightsubnet=10.12.160.254/32
    leftid=@site1.example.com
    leftcert=site1.pem
    leftsubnet=10.0.0.0/8
Now, the status of "ipsec statusall" is:
Connections:
LabMPLS-site1: 172.16.1.129...%any, dpddelay=30s
LabMPLS-site1: local: [C=AR, ST=Buenos Aires, L=Ciudad Autonoma de Buenos Aires, O=XXXX, OU=YYYY, CN=site1] uses public key authentication
LabMPLS-site1: cert: "C=AR, ST=Buenos Aires, L=Ciudad Autonoma de Buenos Aires, O=XXXX, OU=YYYY, CN=site1"
LabMPLS-site1: remote: [%any] uses any authentication
LabMPLS-site1: child: 10.0.0.0/8 === 10.12.160.254/32 , dpdaction=clear
If I move leftid to "%default", statusall is:
LabMPLS-site1: local: [site1.example.com] uses public key authentication
Is this intentional or is it a bug?
I was trying to use different leftids for each connection.
Regards,
Diego
--
Diego Woitasen
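
A check for the mismatch described in the post, as an added example that is not part of the original message or of strongSwan: it compares each conn's configured leftid (including a value inherited from "conn %default") with the identity that "ipsec statusall" reports on the "local:" line. The function names, the simplified ipsec.conf parsing and the sample strings are assumptions constructed from the text above.

```python
import re

# Constructed sample: ipsec.conf excerpt based on the post (options trimmed).
SAMPLE_CONF = """\
conn LabMPLS-site1
    left=172.16.1.129
    leftid=@site1.example.com
    leftcert=site1.pem
"""
# Constructed sample: the "local:" line from the post's statusall, unwrapped.
SAMPLE_STATUS = (
    "LabMPLS-site1: local: [C=AR, ST=Buenos Aires, L=Ciudad Autonoma de "
    "Buenos Aires, O=XXXX, OU=YYYY, CN=site1] uses public key authentication\n"
    "LabMPLS-site1: remote: [%any] uses any authentication\n"
)

def configured_leftids(conf_text):
    """Map conn name -> leftid, with "conn %default" supplying missing values."""
    conns, current = {}, None
    for raw in conf_text.splitlines():
        line = raw.split("#", 1)[0].rstrip()
        if not line.strip():
            continue
        if not raw[0].isspace():  # section headers start in column 0
            parts = line.split()
            current = parts[1] if len(parts) == 2 and parts[0] == "conn" else None
            if current:
                conns.setdefault(current, {})
        elif current and "=" in line:
            key, value = line.strip().split("=", 1)
            conns[current][key.strip()] = value.strip().strip('"')
    default_id = conns.pop("%default", {}).get("leftid")
    return {name: opts.get("leftid", default_id) for name, opts in conns.items()}

def effective_local_ids(status_text):
    """Map conn name -> identity shown inside "local: [...]" by statusall."""
    pattern = re.compile(r"^[ \t]*(\S+):[ \t]+local:[ \t]+\[(.*?)\]", re.M)
    return dict(pattern.findall(status_text))

def leftid_mismatches(conf_text, status_text):
    """Return {conn: (configured, effective)} where the identities differ."""
    effective = effective_local_ids(status_text)
    mismatches = {}
    for name, wanted in configured_leftids(conf_text).items():
        seen = effective.get(name)
        # In the post, leftid=@site1.example.com is displayed without the "@".
        if wanted and seen is not None and wanted.lstrip("@") != seen:
            mismatches[name] = (wanted, seen)
    return mismatches
```

Calling leftid_mismatches() with the real ipsec.conf text and captured statusall output returns an empty dict when every connection presents the identity it was configured with.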