If you have a conn:
conn njh
    type=tunnel
    authby=secret
    auto=ignore
    #auto=start
    left=12345.example.com
    leftsourceip=172.17.2.1
    leftsubnet=172.17.2.0/24
    right=159.203.19.178
    rightsourceip=10.137.48.60
    rightsubnet=10.137.48.60/16
    dpdaction=restart
    dpdtimeout=120
    dpddelay=30
Then load it with "ipsec auto --add njh" and you get the following:
[root@server ~]# ipsec auto --add njh
000 failed to convert '12345.example.com' at load time: not a numeric IPv4 address and name lookup failed (no validation performed)
002 added connection description "njh"
It seems to be because the first subdomain is numeric. It seems to assume that if the first part of the FQDN is numeric, then the parameter is going to be an IP address and not an FQDN. In this case 12345 can never be an FQDN, but you get the same issue with 123. I have a feeling some cleverer interpretation is needed of this type of parameter.
I have tested this with a valid FQDN like this but can't publish it, unfortunately. You can test it on *.poweredbyclear.com as it has wildcard resolution back to the primary A record.
This is with libreswan-3.25-9.1.el7_8.x86_64.
Regards,
Nick
_______________________________________________ Swan mailing list [email protected] https://lists.libreswan.org/mailman/listinfo/swan
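As an added example, not from the post above and not libreswan's own code, here is a small Python classifier for the kinds of value a left=/right= setting can hold. naive_kind() is a reconstruction of the behaviour Nick describes (a leading all-digit label is taken to mean "IPv4 literal") and is an assumption about the parser, not its actual logic. classify_endpoint() does what a practitioner would want instead: try a real address parse first, then validate the string as an RFC 1123 hostname whose top-level label is not all-numeric (RFC 3696, which is what keeps names and dotted-decimal addresses from being confused). The only libreswan keywords it knows are %any and %defaultroute.

```python
import ipaddress
import re

# Keywords libreswan accepts in left=/right= besides addresses and names.
# Assumption: only these two are modelled here; the real parser knows more.
_KEYWORDS = {"%any", "%defaultroute"}

# RFC 1123 hostname label: 1-63 letters/digits/hyphens, no leading or
# trailing hyphen. Labels MAY start with a digit, which is the whole point.
_LABEL = re.compile(r"^(?!-)[A-Za-z0-9-]{1,63}(?<!-)$")


def naive_kind(value):
    """Reconstruction of the heuristic reported in the post (an assumption,
    not libreswan's code): if the first dotted label is numeric, treat the
    whole value as an IPv4 literal, otherwise as a name."""
    first = value.split(".", 1)[0]
    return "ipv4" if first.isdigit() else "fqdn"


def classify_endpoint(value):
    """Return 'keyword', 'ipv4', 'ipv6', 'fqdn' or 'invalid' for a left=/right=
    value. Names are only syntax-checked here; resolving them (getaddrinfo)
    is a separate step whose failure should be reported as a lookup failure,
    not as 'not an IPv4 address'."""
    if value in _KEYWORDS:
        return "keyword"
    # A real address parse rejects '1.2.3', '256.1.1.1' and '12345.example.com'.
    try:
        addr = ipaddress.ip_address(value)
    except ValueError:
        pass
    else:
        return "ipv4" if addr.version == 4 else "ipv6"
    host = value.rstrip(".")          # a trailing dot just marks an absolute name
    if not host or len(host) > 253:
        return "invalid"
    labels = host.split(".")
    if not all(_LABEL.match(label) for label in labels):
        return "invalid"
    # RFC 3696 section 2: the top-level label must not be all-numeric, so a
    # syntactically valid name can never look like a dotted-decimal address.
    if labels[-1].isdigit():
        return "invalid"
    return "fqdn"


def compare(values):
    """Side-by-side result of both classifiers for a list of candidate values."""
    return [(v, naive_kind(v), classify_endpoint(v)) for v in values]


if __name__ == "__main__":
    # Constructed sample inputs, including the two from the post.
    samples = ["12345.example.com", "123.example.com", "159.203.19.178",
               "1.2.3", "256.1.1.1", "::1", "%defaultroute",
               "vpn.example.com.", "-bad.example.com"]
    for value, naive, proper in compare(samples):
        print(f"{value:22} naive={naive:5} proper={proper}")
```

The heuristic and the proper classifier disagree exactly on the cases in the post: 12345.example.com and 123.example.com are well-formed hostnames, while strings like 1.2.3 or 256.1.1.1 are neither addresses nor acceptable names and should be rejected outright rather than half-parsed.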
