[strongSwan] %any in ipsec.secrets

Germano Veit Michel germanovmichel at aim.com
Fri Mar 9 18:24:15 CET 2012


Hello,


Let me describe a simple scenario (that works):


A <----------------------------------> B
10.1.1.1                     10.1.1.2


ipsec.conf is properly configured for both A and B.


ipsec.secrets for A
10.1.1.1 10.1.1.2 : PSK "test123"


ipsec.secrets for B
10.1.1.2 10.1.1.1 : PSK "test123"

Now let's say A's IP changes every once in a while and I don't want to rewrite ipsec.secrets every single time the address changes.
I assume one should modify ipsec.secrets to:



ipsec.secrets for A
%any 10.1.1.2 : PSK "test123"


ipsec.secrets for B
10.1.1.2 %any : PSK "test123"




Doesn't work anymore. It seems to me that strongSwan doesn't like the %any configuration for its own address. Looks like %any only matches the peer's IP.


Shouldn't it match both IPs (own and peer)?


Thank you,


Germano Veit Michel
germanovmichel at aim.com
