[strongSwan] %any in ipsec.secrets
Andreas Steffen
andreas.steffen at strongswan.org
Fri Mar 9 19:58:28 CET 2012
Hello Germano,
the order of the identities in ipsec.secrets entries does not
matter. If %any does not work then just define
10.1.1.2 : PSK "test123"
Regards
Andreas
On 09.03.2012 18:24, Germano Veit Michel wrote:
> Hello,
>
> Let me describe a simple scenario (that works):
>
> A <----------------------------------> B
> 10.1.1.1 10.1.1.2
>
> ipsec.conf is properly configured for both A and B.
>
> ipsec.secrets for A
> 10.1.1.1 10.1.1.2 : PSK "test123"
>
> ipsec.secrets for B
> 10.1.1.2 10.1.1.1 : PSK "test123"
>
>
>
>
>
> Now let's say A's IP changes every once in a while and I don't want to
> rewrite ipsec.secrets every single time the address changes.
> I assume one should modify ipsec.secrets to:
>
> ipsec.secrets for A
> %any 10.1.1.2 : PSK "test123"
>
> ipsec.secrets for B
> 10.1.1.2 %any : PSK "test123"
>
> Doesn't work anymore. It seems to me that strongswan doesn't like the
> %any configuration for it's own address. Looks like %any only matches de
> peer's IP.
>
> Shouldn't it match both IP's (own and peer)?
>
> Thank you,
>
> Germano Veit Michel
> germanovmichel at aim.com
======================================================================
Andreas Steffen andreas.steffen at strongswan.org
strongSwan - the Linux VPN Solution! www.strongswan.org
Institute for Internet Technologies and Applications
University of Applied Sciences Rapperswil
CH-8640 Rapperswil (Switzerland)
===========================================================[ITA-HSR]==
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 4489 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://lists.strongswan.org/pipermail/users/attachments/20120309/58e321c2/attachment.bin>
More information about the Users
mailing list