[strongSwan] %any in ipsec.secrets
Germano Veit Michel
germanovmichel at aim.com
Fri Mar 9 18:24:15 CET 2012
Hello,
Let me describe a simple scenario (that works):
A <----------------------------------> B
10.1.1.1 10.1.1.2
ipsec.conf is properly configured for both A and B.
ipsec.secrets for A
10.1.1.1 10.1.1.2 : PSK "test123"
ipsec.secrets for B
10.1.1.2 10.1.1.1 : PSK "test123"
Now let's say A's IP changes every once in a while and I don't want to rewrite ipsec.secrets every single time the address changes.
I assume one should modify ipsec.secrets to:
ipsec.secrets for A
%any 10.1.1.2 : PSK "test123"
ipsec.secrets for B
10.1.1.2 %any : PSK "test123"
Doesn't work anymore. It seems to me that strongswan doesn't like the %any configuration for it's own address. Looks like %any only matches de peer's IP.
Shouldn't it match both IP's (own and peer)?
Thank you,
Germano Veit Michel
germanovmichel at aim.com
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.strongswan.org/pipermail/users/attachments/20120309/363e3e1d/attachment.html>
More information about the Users
mailing list