[Openswan Users] Openswan 2.5.17 uses always %any for rightid !?

Swen Vogel s.vogel at schaal-info.de
Mon Apr 14 14:43:17 EDT 2008


After an update to Openswan 2.5.17 I have a strange problem with the rightid option.

No matter what value I specify for rightid, it seems that Openswan always uses %any.

This problem is related to any connection with an FQDN as rightid.

For example a connection to a VPN gateway with a dyndns address:

File /etc/ipsec.conf:

------------------------------------------------
config setup
        interfaces="ipsec0=eth3"
        uniqueids=yes
        OE=off

conn durodues
        left = 62.217.39.186
        leftnexthop = 62.217.39.185
        leftsubnet = 172.16.1.0/24
        leftid = 62.217.39.186
        right = durodues.dyndns.org
        rightsubnet = 192.168.100.0/24
        rightid = durodues.dyndns.org
        pfs = yes
        auto = route
        authby = secret

File /etc/ipsec.conf:

------------------------------------------------
62.217.39.186 durodues.dyndns.org: PSK "xxxx"

After a start of Openswan with "ipsec auto status" I get the following messages.

------------------------------------------------
000 "durodues": 172.16.1.0/24===62.217.39.186<62.217.39.186>[S=C]---62.217.39.185...217.220.236.8<durodues.dyndns.org>[%any,S=C]===192.168.100.0/24; prospective erouted; eroute owner: #0
000 "durodues":     myip=unset; hisip=unset;
000 "durodues":   ike_life: 3600s; ipsec_life: 28800s; rekey_margin: 540s; rekey_fuzz: 100%; keyingtries: 3
000 "durodues": policy: PSK+ENCRYPT+TUNNEL+PFS+lKOD+rKOD; prio: 24,24; interface: eth3;
000 "durodues": newest ISAKMP SA: #0; newest IPsec SA: #0;

And after ipsec auto --up durodues:

------------------------------------------------
Apr 14 18:11:48 sirouter1 pluto[30555]: durodues #1: initiating Main Mode
Apr 14 18:11:48 sirouter1 pluto[30555]: durodues #1: transition from state STATE_MAIN_I1 to state STATE_MAIN_I2
Apr 14 18:11:48 sirouter1 pluto[30555]: durodues #1: STATE_MAIN_I2: sent MI2, expecting MR2
Apr 14 18:11:48 sirouter1 pluto[30555]: durodues #1: transition from state STATE_MAIN_I2 to state STATE_MAIN_I3
Apr 14 18:11:48 sirouter1 pluto[30555]: durodues #1: STATE_MAIN_I3: sent MI3, expecting MR3
Apr 14 18:11:49 sirouter1 pluto[30555]: durodues #1: Main mode peer ID is ID_IPV4_ADDR: '217.220.236.8'
Apr 14 18:11:49 sirouter1 pluto[30555]: durodues #1: we require peer to have ID '%any', but peer declares '217.220.236.8'
Apr 14 18:11:49 sirouter1 pluto[30555]: durodues #1: sending encrypted notification INVALID_ID_INFORMATION to 217.220.236.8:500
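
A small triage script for the log excerpt above, added here as an example and not part of the original post or of Openswan: it rejoins mail-wrapped pluto lines and extracts each rejected peer ID together with the ID pluto required. The function names and the `required_is_wildcard` flag are assumptions of this example; the sample input is built from lines quoted in the post.

```python
import re

# Sample input: pluto lines quoted in the post, still wrapped as the mail archive shows them.
SAMPLE_LOG = """\
Apr 14 18:11:49 sirouter1 pluto[30555]: durodues #1: Main mode peer ID is
ID_IPV4_ADDR: '217.220.236.8'
Apr 14 18:11:49 sirouter1 pluto[30555]: durodues #1: we require peer to have
ID '%any', but peer declares '217.220.236.8'
Apr 14 18:11:49 sirouter1 pluto[30555]: durodues #1: sending encrypted
notification INVALID_ID_INFORMATION to 217.220.236.8:500
"""

STAMP = re.compile(r"^[A-Z][a-z]{2} [ \d]\d \d\d:\d\d:\d\d ")
# The connection name may appear quoted or bare, depending on how the log was copied.
PREFIX = r'pluto\[\d+\]: "?(?P<conn>[^"\s]+)"? #(?P<sa>\d+): '
PEER_ID = re.compile(PREFIX + r"Main mode peer ID is (?P<kind>ID_\w+): '(?P<value>[^']*)'")
MISMATCH = re.compile(PREFIX + r"we require peer to have ID '(?P<want>[^']*)', "
                               r"but peer declares '(?P<got>[^']*)'")

def unwrap(text):
    """Rejoin wrapped entries: a line without a syslog timestamp continues the previous one."""
    entries = []
    for line in filter(None, map(str.strip, text.splitlines())):
        if STAMP.match(line) or not entries:
            entries.append(line)
        else:
            entries[-1] += " " + line
    return entries

def find_id_mismatches(text):
    """Return one record per rejected peer ID, keyed by connection name and SA number."""
    declared_kind = {}  # (conn, sa) -> ID type from the preceding "peer ID is" entry
    findings = []
    for entry in unwrap(text):
        m = PEER_ID.search(entry)
        if m:
            declared_kind[(m["conn"], m["sa"])] = m["kind"]
            continue
        m = MISMATCH.search(entry)
        if m:
            findings.append({
                "conn": m["conn"], "sa": int(m["sa"]),
                "required": m["want"], "declared": m["got"],
                "declared_type": declared_kind.get((m["conn"], m["sa"])),
                # The post's symptom: pluto demands '%any' instead of the configured rightid.
                "required_is_wildcard": m["want"] == "%any",
            })
    return findings

if __name__ == "__main__": print(find_id_mismatches(SAMPLE_LOG))
```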
