[strongSwan] Sending INIT_CONTACT during "ipsec up .... "
Marko Burazin
morkitz at gmail.com
Mon Nov 14 15:10:33 CET 2016
Hi Tobias,
Thanks for the answer.
I thought that somehow the peer identity is stored internally in the client
after the peer responds...
Considering what you said, why then if I use a rightid parameter like this:
rightid="C=*, ST=*, O=*, OU=*, CN=*"
using wildcards does indeed result in sending the INIT_CONTACT in the
IKE_AUTH request...
Shouldn't the same apply when you use wildcards then ? Because in this case
also is not determined on what the exact peer identity is, but still the
INIT_CONTACT is being sent...?
Regards,
Marko.
On Mon, Nov 14, 2016 at 11:40 AM Tobias Brunner <tobias at strongswan.org>
wrote:
> Hi Marko,
>
> > What is the reason for this ? Is it the expected behaviour ?
>
> Yes, how could the client know that this is the first IKE_SA with the
> peer if it doesn't know the peer's identity (rightid=%any)?
>
> Regards,
> Tobias
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.strongswan.org/pipermail/users/attachments/20161114/2bba9033/attachment.html>
More information about the Users
mailing list