I'm trying to make an opportunistic IPsec configuration. Below is what I have
in my .conf file and my policy file.
Please note that when I use right:(my_ip) and left:(otherside_ip), my
libreswan works just fine. It is only when I try to use opportunistic that I get
the following error (after I do "ipsec auto --start private"):
"cannot initiate connection (serial $7) without knowing peer IP address
(kind=CK_GROUP)"
I'm very new and I have no idea why it can't figure out the IP address or what
I'm supposed to do, since I gave it the expected IPs' CIDR ...
(By the way, my configuration is two machines that are connected directly back
to back.) All I do is "ipsec setup --start" on both of them, then I try to do
"ipsec auto --start private" on one of them. Without opportunistic that works
fine ...
Also, when I try to use left = %defaultroute, it doesn't work, same error (as a
matter of fact, default route doesn't work even without opportunistic, and I'm
not sure what its value is in my case ..)
Here is my .conf file:
conn private
    leftid=@west
    left=172.16.0.1
    #left=%defaultroute
    leftrsasigkey=0sAwEAAaxcwaWgb9+1zXbEG7mqfPaPBeGREwtkoEnuoldwxx9M2T8PR1Nb3TZjySV8wIOyJqPOlMx31EzsePXysNJqlclKHXpayqutfyKz5FPn0SC6GlBDdkQduSJo6Jj/YK2oZmGmwkr6xgtDzksIrZVHP1+ImR6FE4oyTU4OOA0BzC53kcm/U3JUyxdwDv59+SQVY0AtUYmBxRBFEq5+uxtDc118VhmasEY2OSbtwP+kQIjcGU9JZTQyTtjNgrulSms0WvL1u7KCXD8uWF3p6aiL6abycmNbCIV83KPuuvxXzP/cDPPwolzayX3feQykFwqAlT2YHYJHkXNqkr6ycX8Q4SDGrIxnZeo7cdahhoGOHqoVsMly6C4sD1KrbgJOy5Fv2n4wW2YyfeFrxyxxm7txgeiRHqntRLfssaTUcmqY6ShWA5ickJZlosFMyxQ9UDQB8m2DLiL0jAUKgsjsp5yDQd0eoV6qT9WXxCRYoWSyieeEHqe36QPENlyEjX2UOAWI909uwo/ZJJGrBH76fqX2voU=
    rightid=@east
    #right=172.16.0.2
    right=%opportunisticgroup
    rightrsasigkey=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
    authby=null
    auto=ondemand
    keyingtries=1
    type=transport
    nic-offload=packet
And here is my policies/private:
172.16.0.0/24
My machines have IPs of 172.16.0.1 and 172.16.0.2,
and obviously the second machine has the same policies file and a very
similar .conf file (but left and right changed accordingly).
Any idea what I'm doing wrong or how I can get the opportunistic configuration
to work?
_______________________________________________
Swan mailing list
[email protected]
https://lists.libreswan.org/mailman/listinfo/swan