[strongSwan] Sending INIT_CONTACT during "ipsec up .... "
morkitz at gmail.com
Mon Nov 14 15:10:33 CET 2016
Thanks for the answer.
I thought that somehow the peer identity is stored internally in the client
after the peer responds...
Considering what you said, why then if I use a rightid parameter like this:
rightid="C=*, ST=*, O=*, OU=*, CN=*"
using wildcards does indeed result in sending the INIT_CONTACT in the
Shouldn't the same apply when you use wildcards then ? Because in this case
also is not determined on what the exact peer identity is, but still the
INIT_CONTACT is being sent...?
On Mon, Nov 14, 2016 at 11:40 AM Tobias Brunner <tobias at strongswan.org>
> Hi Marko,
> > What is the reason for this ? Is it the expected behaviour ?
> Yes, how could the client know that this is the first IKE_SA with the
> peer if it doesn't know the peer's identity (rightid=%any)?
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Users