Project

General

Profile

Actions

Regression #11555

closed

IPsec peer ID of "Any" does not generate a proper remote definition or related secrets

Added by Jim Pingle 8 months ago. Updated 6 months ago.

Status:
Closed
Priority:
Normal
Assignee:
Category:
IPsec
Target version:
Start date:
02/26/2021
Due date:
% Done:

0%

Estimated time:
Plus Target Version:
Release Notes:
Default
Affected Version:
2.5.0
Affected Architecture:

Description

When a peer identifier is set to "Any" the resulting swanctl.conf remote block does not contain an id line. According to the strongSwan docs it should be id = %any.

Might also need to account for that in the secrets section as well. Though checking briefly here I do see %any in at least one of my configurations.

As a result this seems to be causing strongSwan to match sometimes and not others, but it needs more testing to identify why.


Files

ipsec-config-11555.xml (1.82 KB) ipsec-config-11555.xml Jim Pingle, 03/11/2021 03:26 PM
Actions

Also available in: Atom PDF