List: libreswan
Subject: Re: [Swan] IDs don't match on selected profile, so why is it being selected?
From: Paul Wouters <paul () nohats ! ca>
Date: 2018-09-12 20:23:57
Message-ID: alpine.LRH.2.21.1809121620450.25673 () bofh ! nohats ! ca
On Wed, 12 Sep 2018, Matthew Johnson wrote:

> I have two connections on east.
>
> conn test#0.0.0.0/0
> type=transport
> authby=null
> leftid=@mesh
> rightid=@mesh

Both sides cannot have the same ID.

> left=%defaultroute
> right=0.0.0.0

0.0.0.0 is %any, I would write it as %any

> When the connection is initiated by west, it matches test#0.0.0.0/0 on east, which is not what I
> would expect. I would have thought the mismatched left/right IDs would have caused the system to
> find a better match - conman-pool-server. Am I missing something here?

Are you sure? The initial IKE_INIT exchange of packets can match on any
connection where %any is in use. It will be refined on the second packet
exchange (IKE_AUTH) and it can then "switch" connection.

But regardless, the test connection is wrongly using the same ID for
both ends of the connection.

Paul
_______________________________________________
Swan mailing list
Swan@lists.libreswan.org
https://lists.libreswan.org/mailman/listinfo/swan